Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1540234
MD5: af3d3fda1b3964c834c3f6a5d63862e8
SHA1: 550a8e43a1cca0c21bf5b2a5bafe2a0236dae923
SHA256: 6a2ff07c761f66b225d113d7fde579361e4b10e8770d97d734fe92940592a618
Tags: exe, user-jstrosch

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Compliance

Score: 49
Range: 0 - 100

Signatures

Java source code contains very large array initializations
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5924 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AF3D3FDA1B3964C834C3F6A5D63862E8)
    • HamSphere_4.010a.exe (PID: 3284 cmdline: "C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe" MD5: 9A2475E8E690A6A120A1C8738E9AB043)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Compliance

Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\file.exe, File created: C:\HamSphere\HamSphere_4.010a\install.log
Source: file.exe, Static PE information: certificate valid
Source: C:\Users\user\Desktop\file.exe, File opened: C:\HamSphere\HamSphere_4.010a\rt\bin\msvcr100.dll
Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.dc\dcpr\obj\dcpr.pdbi source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\java.net\net\obj\net.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2660623950.000000006E6EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\fontmanager\obj\fontmanager.pdbB source: HamSphere_4.010a.exe, 00000004.00000002.2661725192.000000006FE3E000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\t2k\obj\t2k.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661557817.000000006FE17000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\java\java.nio\nio\obj\nio.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661993669.0000000073977000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.dc\dcpr\obj\dcpr.pdb source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\jpeg\obj\jpeg.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661323813.000000006FD9E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\awt\obj\awt.pdb source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\awt\obj\awt.pdbp source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\fontmanager\obj\fontmanager.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661725192.000000006FE3E000.00000002.00000001.01000000.00000016.sdmp
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_00410110 GetModuleHandleA,FindFirstFileA,FindClose,FindFirstFileA,FindClose,LoadLibraryA,GetProcAddress,GetProcAddress
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_0040F460 FindFirstFileA,FindClose
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_0040D7F0 FindFirstFileA,GetProcessHeap,HeapAlloc,FindNextFileA,FindClose
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_02396110 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleA,FindFirstFileA,FindClose,FindFirstFileA,FindClose,LoadLibraryA,GetProcAddress,GetProcAddress
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_02396710 FindFirstFileA,FindClose
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe, Code function: 4_2_071B1740 FindFirstFileA,FindClose
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /antennas.php HTTP/1.1 User-Agent: Java/1.7.0_55 Host: hs4.hamsphere.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic, HTTP traffic detected: GET /news40.php HTTP/1.1 User-Agent: Java/1.7.0_55 Host: hs4.hamsphere.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic, HTTP traffic detected: GET /images/hs5logo.jpg HTTP/1.1 User-Agent: Java/1.7.0_55 Host: hs40.hamsphere.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic, DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic, DNS traffic detected: DNS query: hs4.hamsphere.com
Source: global traffic, DNS traffic detected: DNS query: hs40.hamsphere.com
Source: unknown, HTTP traffic detected: POST /getremotenames.php HTTP/1.1 User-Agent: Java/1.7.0_55 Host: hs4.hamsphere.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive Content-type: application/x-www-form-urlencoded Content-Length: 3
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://exslt.org/functionsIntern
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://exslt.org/math
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://exslt.org/setsAttribute
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://exslt.org/stringsXalan:
Source: HamSphere_4.010a.exeString found in binary or memory: http://hs4.hamsphere.com/antennas.php/skins/120C96d5C1plain_blackhttp://hs4.hamsphere.com/getremoten
Source: HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/copyremoterig.phpunderlineInterrupted15mipError:
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/deleteremoterig.phpgraphics/hspl_led_medium_red.pngfmt
Source: HamSphere_4.010a.exeString found in binary or memory: http://hs4.hamsphere.com/ge
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/getrandomserver.php?callsign="combographics/hspl_led_small_yellow.pngh
Source: HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/getremoterig.php3154BDA62539DC66SPEEX_VBR_quality_7graphics/hspl_medium_but
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/getremotesettings.phpInvalid
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmp, HamSphere_4.010a.exe, 00000004.00000003.1754899830.00000000167CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://hs4.hamsphere.com/news40.php
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/posterror.php'Insufficient
Source: HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/renameremoterig.php4.010aLSBENTmozilla
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/saveremoterig.phpUSBshCorrupt
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://hs4.hamsphere.com/saveremotesettings.phpServer
Source: HamSphere_4.010a.exe, 00000004.00000002.2656388178.000000001658C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://hs40.hamsphere.com
Source: HamSphere_4.010a.exe, 00000004.00000002.2642887092.0000000004D22000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2642626722.0000000004CD6000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2640808641.00000000040A2000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2656388178.000000001657C000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000003.1754427496.0000000004CD6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://hs40.hamsphere.com/images/hs5logo.jpg
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://java.sun.com/dtd/preferences.dtd.
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://java.sun.com/dtd/properties.dtdartsetcbokngetKDCFromDNS
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/)
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/domAssertion
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-checkScheme
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/XMLDSig
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguageaxe
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSourceYou
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/MSG_MORE_THAN_ONE_NOTATION_ATTRIBUTESecurityException
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespaceEn
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/CipherData.getDataType()
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtdparser.atom.4
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event_sTypesArray(Z)ZCodifica
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processingPUTjavax.xml.soap.SOAPConnectionFactory
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/Tento
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDFailed
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaKunde
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheetNo
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/featureObjet
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/featureJIT
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/featurez
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/featureOgiltigt
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/featureCould
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/featureInvalid
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/featureSe
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/featuredoAsPrivilegedCARIansi_x3.4-1968amurskinvalid
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/featurefconstElaborazione
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jaxb.dev.java.net/arraymessage.nullEncodingAlgorithmURIelementGetText()
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/parser/properties/buffer-sizeNull
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/parser/properties/external-vocabulariesprefix/:
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/parser/properties/force-stream-closereadOnce()
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/parser/properties/registered-encoding-algorithmslocalNameCouldn
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/parser/properties/string-interningfaultcodefalseMS932UNRESOLVED_IDREFSA
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jvnet.org/fastinfoset/sax/properties/primitive-type-content-handlermessage.unexpectedEventTyp
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://null.sun.com//Library/Preferences/edu.mit.Kerberosnull
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://nwalsh.com/xcatalog/1.0///
Source: file.exe, 00000000.00000003.1647838320.0000000004D81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625575967.0000000006B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625431850.00000000069F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625695568.00000000061EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: file.exe, 00000000.00000003.1647838320.0000000004D81000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625575967.0000000006B08000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625431850.00000000069F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1625695568.00000000061EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0$
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000003.1726548197.00000000040B2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.example.net:80
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnca.cer0/
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/drem
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/-Xalan(u
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/versioncom.sun.xml.internal.bind.xmlHeadersgotomessage.deco
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/security/2000-12ChunkedIntArray(
Source: HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://shop.hamsphere.com/advanced_search_result.php?keywords=ANT
Source: HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://shop.hamsphere.com/advanced_search_result.php?keywords=Select
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://shop.hamsphere.comASSEMBLY(1):
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ws-i.org/profiles/basic/1.1/swaref.xsdcom.sun.xml.internal.messaging.saaj.soap.ver1_1--%M-%D%
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xml
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xml(StylesheetHandler)
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xml/
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlARCHIVEotherwisefind
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlER_NODESET_NOT_MUTABLEaddAttribute1697-02-01T00:00:00ZgetDe
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlJAXP:
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlNull
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlPath
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.alphaworks.ibm.com/formula/xmlunsignedLongXRTreeFragSelectWrapper
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.certicom.com/2000/11/xmlecdsig#ecdsa-sha1XPTRTOKEN_ELEM_NCNAMEL
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entrust.net/CRL/net1.crl0
Source: HamSphere_4.010a.exe, 00000004.00000002.2648613254.0000000013277000.00000004.00000001.01000000.0000000A.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2656388178.0000000016560000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2636523787.0000000000643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.excelsior-usa.com
Source: HamSphere_4.010a.exe, 00000004.00000002.2648927578.000000001327E000.00000008.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.excelsior-usa.comUnknown
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.0000000000643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.excelsior-usa.coma
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.excelsior-usa.comjava.vendor.urlSun-Oracle
Source: HamSphere_4.010a.exe, 00000004.00000002.2648613254.0000000013277000.00000004.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.excelsior-usa.comxrJavaProp.modunknown
Source: HamSphere_4.010a.exe, HamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.hamsphere.com/registertheorderLOGIN_ERROR&newname=idError
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com/Bad
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ietf.org/rfc/rfc2373.txt)
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.isi.edu/in-notes/iana/assignments/media-types/internal/error-handlerAppel
Source: file.exe, 00000000.00000003.1625695568.00000000067EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilteranalyse
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtdFragment
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.rng
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oasis-open.org/committees/entity/release/1.0/catalog.xsd-//W3C//DTD
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism(annotation?
Source: HamSphere_4.010a.exe, 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/documentation/index.html
Source: HamSphere_4.010a.exe, 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/documentation/index.html.Africa/Luandafriulanoaymar
Source: HamSphere_4.010a.exe, 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/documentation/index.html.pashtoAustralia/QueenslandTon
Source: HamSphere_4.010a.exe, 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/documentation/index.htmlD
Source: HamSphere_4.010a.exe, 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javase/documentation/index.htmlDollaro
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/is-standaloneError
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimitFilterParentPath(
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimitE-CfenvironmentDDCcNo
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimitunsignedByteSe
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimitNezn
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimitLe
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimitparser.factor.0((##any
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/system-propertyER_COULD_NOT_RESOLVE_NODEorg.w3c.dom.xpath.
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit___multiple_node_counter
Source: HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerjava/text/Collator
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sun.com/xml/sax-events
Source: HamSphere_4.010a.exe, 00000004.00000003.1754115294.0000000016864000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2656388178.000000001684C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comMicrosoft
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valicert.com/1
Source: file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: http://www.xmlsecurity.org/NS/#configuration

System Summary

Source: sunmscapi.jar.0.dr, com/sun/crypto/provider/BlowfishCrypt.java Large array initialization: F: array initializer size 1042
Source: sunpkcs11.jar.0.dr, com/sun/crypto/provider/BlowfishCrypt.java Large array initialization: F: array initializer size 1042
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_00482170
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_00481500
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_004619E0
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_00475CC8
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_00473D00
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_0045FD20
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_0047984B
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: 4_2_0046957E
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 021E136C appears 51 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 00485E1C appears 82 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 00485DA4 appears 33 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 021E134E appears 199 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 073FDD8E appears 31 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 00485D26 appears 58 times
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Code function: String function: 00485DFE appears 159 times
Source: XKRN10505.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: userinstall.dll.0.dr Static PE information: No import functions for PE file found
Source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameawt.dllV vs file.exe
Source: file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameawt.dllV vs file.exe
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: sus22.winEXE@3/108@3/1
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe "C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe"
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll, version.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, sspicli.dll, srvcli.dll, cscapi.dll, edputil.dll, urlmon.dll, iertutil.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Section loaded: apphelp.dll, winmm.dll, pdh.dll, perfos.dll, sspicli.dll, shfolder.dll, windows.storage.dll, wldp.dll, dwmapi.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll, windowscodecs.dll, profapi.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\file.exe Automated click: Next >
Source: C:\Users\user\Desktop\file.exe Automated click: Next >
Source: C:\Users\user\Desktop\file.exe Automated click: Next >
Source: C:\Users\user\Desktop\file.exe Automated click: Next >
Source: C:\Users\user\Desktop\file.exe Automated click: Next >
Source: file.exe Static PE information: certificate valid
Source: file.exe Static file information: File size 24973736 > 1048576
Source: C:\Users\user\Desktop\file.exe File opened: C:\HamSphere\HamSphere_4.010a\rt\bin\msvcr100.dll
Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.dc\dcpr\obj\dcpr.pdbi source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\java.net\net\obj\net.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2660623950.000000006E6EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\fontmanager\obj\fontmanager.pdbB source: HamSphere_4.010a.exe, 00000004.00000002.2661725192.000000006FE3E000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\t2k\obj\t2k.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661557817.000000006FE17000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\java\java.nio\nio\obj\nio.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661993669.0000000073977000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.dc\dcpr\obj\dcpr.pdb source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\jpeg\obj\jpeg.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661323813.000000006FD9E000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\awt\obj\awt.pdb source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.awt\awt\obj\awt.pdbp source: file.exe, 00000000.00000003.1708854994.0000000003B75000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1708414729.0000000003314000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\build_area\1.7.0_55\hs_build\tmp\sun\sun.font\fontmanager\obj\fontmanager.pdb source: HamSphere_4.010a.exe, 00000004.00000002.2661725192.000000006FE3E000.00000002.00000001.01000000.00000016.sdmp
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC185E EntryPoint,lstrcmpA,lstrcmpA,lstrcmpA,CloseHandle,CloseHandle,CloseHandle,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,ExitProcess
Source: XAWT10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XCRB10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XEND10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XIMG10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XINV10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XJCE10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: xjitb_j10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XKRN10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XMIA10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XMIS10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XMNG10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XMSC10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XPKC10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XRMI10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSCR10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSEC10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSND10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSQL10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSSE10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XSWN10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XXML10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XXWS10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: XXXL10505.dll.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: HamSphere_4.010a.exe.0.dr Static PE information: section name: .jidata, .jedata, .config
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_16639070 push E003CADBh; retf 4_3_16639075
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_16635650 pushad ; ret 4_3_16635651
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_1663925F push cs; retf 4_3_16639262
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_16638FFF push cs; retf 4_3_16639002
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_166391D0 push E003CADBh; retf 4_3_166391D5
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_3_16639487 push cs; retf 4_3_1663948A
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_0040D150 push eax; mov dword ptr [esp], 00000000h4_2_0040D153
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_004A3510 push eax; retf 4_2_004A3511
Source: msvcr100.dll.0.drStatic PE information: section name: .text entropy: 6.9169969425576285
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\JdbcOdbc.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSND10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XPKC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\net.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XEND10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSWN10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\InstTemp0\userinstall.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\zip.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jsoundds.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMIA10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSSE10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\t2k.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMSC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmpJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMIS10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXXL10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jsound.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\unpack200.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSCR10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\sunec.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\xjitb_j10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\dcpr.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XJCE10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\java.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\fontmanager.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSQL10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\Uninstall.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\kcms.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jawt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\awt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XINV10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXML10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\cleanup.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XIMG10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\unpack.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XAWT10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\mlib_image.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXWS10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jetvm\jvm.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSEC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XCRB10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\nio.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XRMI10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMNG10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jaas_nt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\j2pkcs11.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\rt\bin\jpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\HamSphere\HamSphere_4.010a\install.logJump to behavior
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamSphereJump to behavior
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamSphere\HamSphere_4.010aJump to behavior
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamSphere\HamSphere_4.010a\HamSphere_4.010a.lnkJump to behavior
Source: C:\Users\user\Desktop\file.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HamSphere\HamSphere_4.010a\Uninstall.lnkJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\JdbcOdbc.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSND10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XPKC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\JAWTAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\net.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XEND10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSWN10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\InstTemp0\userinstall.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMIA10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jsoundds.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\zip.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSSE10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\t2k.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMSC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmpJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMIS10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXXL10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jsound.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\JavaAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\unpack200.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSCR10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\sunec.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\xjitb_j10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\WindowsAccessBridge-32.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\msvcr100.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\dcpr.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XJCE10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\java.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\fontmanager.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSQL10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\Uninstall.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\kcms.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jawt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\awt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XINV10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXML10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\cleanup.exeJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XIMG10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XAWT10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\unpack.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\mlib_image.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XXWS10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jetvm\jvm.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XSEC10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XCRB10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XRMI10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\nio.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XMNG10505.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jaas_nt.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\j2pkcs11.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\HamSphere\HamSphere_4.010a\rt\bin\jpeg.dllJump to dropped file
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeAPI coverage: 5.1 %
Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_00410110 GetModuleHandleA,FindFirstFileA,FindClose,FindFirstFileA,FindClose,LoadLibraryA,GetProcAddress,GetProcAddress,4_2_00410110
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_0040F460 FindFirstFileA,FindClose,4_2_0040F460
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_0040D7F0 FindFirstFileA,GetProcessHeap,HeapAlloc,FindNextFileA,FindClose,4_2_0040D7F0
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_02396110 EntryPoint,DisableThreadLibraryCalls,GetModuleHandleA,FindFirstFileA,FindClose,FindFirstFileA,FindClose,LoadLibraryA,GetProcAddress,GetProcAddress,4_2_02396110
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_02396710 FindFirstFileA,FindClose,4_2_02396710
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exeCode function: 4_2_071B1740 FindFirstFileA,FindClose,4_2_071B1740
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical ProcessorcalYq
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V bsipfxwncoqassp Bus Pipes'Pq
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipesl[
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitionlls
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root PartitionL
Source: HamSphere_4.010a.exe, 00000004.00000003.1707733674.0000000004816000.00000004.00000020.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: java/lang/VirtualMachineError.classvcf
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: osuE#java/lang/VirtualMachineError.classPK
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid PartitionQ
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Servicell
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: Unable to create VirtualMachineError instance: it is abstract
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processork
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: osuE)com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: 'com/excelsior/jet/runtime/os/OSTime.javaQueryPerformanceCounter failedAverage VCF size: %zu bytesVCF Memory usage: total allocated %zu Mb, peak used %zu bytesVCF Generation time: total %d ms, average %d msNumber of VCF generated: %dCreateEvent() failedcom/excelsior/jet/runtime/os/Event.javaSetEvent() failedService initialization is failed to complete timelyNot enough memory for JVM initializationUnable to create ThreadDeath instance with message: no appropriate constructorUnknown exception code %dUnable to create VirtualMachineError instance: it is abstractcom/excelsior/jet/runtime/excepts/StandardExceptions.javaAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/StandardExceptions.__aj__callNewStandardException__Lcom_excelsior_aj_util_ManagedExecEnv_2Lcom_excelsior_jet_runtime_excepts_ExceptionCode_2Lcom_excelsior_aj_util_BString_2(ISI)Ljava/lang/Throwable; calledUnable to handle stack overflow at %p: unexpected instruction at %pUnable to handle stack overflow at %p: unexpected sub instruction at %pUnable to handle stack overflow at %p: unexpected add instruction at %pUnable to handle stack overflow at %p: unexpected mov instruction at %pUnable to handle stack overflow: too many instructions in the prologueUnable to handle stack overflow at %p: instruction bounds violatedUnexpected instructioncom/excelsior/jet/runtime/excepts/PrologueInterpreter.javaAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/o.value(I)I calledAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/o.__aj__invoke__Ljava_lang_Object_2I(ILjava/lang/Object;I)V calledAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/o.__aj__constr__Lcom_excelsior_aj_lang_CodeAddr_2(I)I calledAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/n.value(I)I calledAJ fatal error: aj intrinsic 
com/excelsior/jet/runtime/excepts/n.__aj__invoke__Ljava_lang_Object_2(ILjava/lang/Object;)V calledAJ fatal error: aj intrinsic com/excelsior/jet/runtime/excepts/n.__aj__constr__Lcom_excelsior_aj_lang_CodeAddr_2(I)I called
Source: HamSphere_4.010a.exe, 00000004.00000003.1707733674.0000000004816000.00000004.00000020.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: c/java/lang/VirtualMachineError.classvcf
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root PartitionWq
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Servicellmq
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V bsipfxwncoqassp Bus
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Hypervisor Root Partition6
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processorx
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid PartitionC[
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classvcf
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisor
Source: HamSphere_4.010a.exe, 00000004.00000002.2649473344.00000000133F9000.00000004.00000001.01000000.0000000A.sdmp Binary or memory string: java.lang.VirtualMachineError
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: HamSphere_4.010a.exe, 00000004.00000002.2639209035.00000000032C7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: HamSphere_4.010a.exe, 00000004.00000002.2651157458.000000001373B000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classvcf
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service.Rq
Source: HamSphere_4.010a.exe, 00000004.00000002.2649473344.00000000133F9000.00000004.00000001.01000000.0000000A.sdmp Binary or memory string: +Sjava.lang.VirtualMachineError
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processor
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition4RE
Source: HamSphere_4.010a.exe, 00000004.00000002.2636523787.00000000005BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor
Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node graph_0-550
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe API call chain: ExitProcess graph end node graph_4-59468
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC185E EntryPoint,lstrcmpA,lstrcmpA,lstrcmpA,CloseHandle,CloseHandle,CloseHandle,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,ExitProcess,0_2_00FC185E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC1195 GetProcessHeap,RtlFreeHeap,0_2_00FC1195
Source: C:\Users\user\Desktop\file.exe Process created: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe "C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe"
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation DynamicDaylightTimeDisabled
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 4 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://www.chambersign.org1 | 0% | URL Reputation | safe | |
| http://repository.swisssign.com/0 | 0% | URL Reputation | safe | |
| http://www.zhongyicts.com.cn | 0% | URL Reputation | safe | |
| http://policy.camerfirma.com0 | 0% | URL Reputation | safe | |
| http://exslt.org/common | 0% | URL Reputation | safe | |
| http://www.quovadisglobal.com/cps0 | 0% | URL Reputation | safe | |
| https://www.certum.pl/CPS0 | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| hs4.hamsphere.com | 62.210.190.21 | true | false | | unknown |
| hs40.hamsphere.com | 62.210.190.21 | true | false | | unknown |
| 241.42.69.40.in-addr.arpa | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://hs4.hamsphere.com/getremotenames.php | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
                                                                                                                                                                      http://shop.hamsphere.com/advanced_search_result.php?keywords=SelectHamSphere_4.010a.exe, 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://www.certum.pl/CPS0file.exe, 00000000.00000003.1625695568.0000000006260000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://apache.org/xml/properties/security-managerVHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://java.sun.com/xml/stream/properties/ignore-external-dtdparser.atom.4HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespaceEnHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtdFragmentHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://apache.org/xml/properties/internal/symbol-tableHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://java.sun.com/xml/stream/properties/CipherData.getDataType()HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocationER_XMLRDR_NOT_BEFORE_STARTHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://exslt.org/stringsXalan:HamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://hs50.hamsphere.com?externalHamSphere_4.010a.exe, 00000004.00000002.2656388178.000000001658C000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2656388178.00000000167CC000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2642626722.0000000004CD6000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2640808641.00000000040A2000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000003.1754427496.0000000004CD6000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000002.2656388178.0000000016824000.00000004.00001000.00020000.00000000.sdmp, HamSphere_4.010a.exe, 00000004.00000003.1754899830.00000000167CC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://xml.org/sax/features/external-general-entitiesImpossibleHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://exslt.org/common:nodeSetIlHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://hs50.hamsphere.com?external8HamSphere_4.010a.exe, 00000004.00000002.2656388178.0000000016824000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://apache.org/xml/features/create-cdata-nodesoptionXXoptionXTAsserzioneHamSphere_4.010a.exe, 00000004.00000002.2638264849.0000000002B20000.00000008.00000001.01000000.0000000E.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs
IP:62.210.190.21
Domain:hs4.hamsphere.com
Country:France
ASN:12876
ASN Name:OnlineSASFR
Malicious:false
                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                  Analysis ID:1540234
                                                                                                                                                                                                  Start date and time:2024-10-23 15:33:12 +02:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 9m 6s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Number of analysed new started processes analysed:11
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                  Sample name:file.exe
                                                                                                                                                                                                  Detection:SUS
                                                                                                                                                                                                  Classification:sus22.winEXE@3/108@3/1
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                  • Successful, ratio: 96%
                                                                                                                                                                                                  • Number of executed functions: 11
                                                                                                                                                                                                  • Number of non-executed functions: 101
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                  • VT rate limit hit for: file.exe
                                                                                                                                                                                                  No simulations
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1669320
                                                                                                                                                                                                  Entropy (8bit):6.894627096863538
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:mWWziyHuuj5hKQ4CbfPThzaebzrl3MuWNrbTeOzMz4m:dFQjbHThzaebHkRe+Mp
                                                                                                                                                                                                  MD5:9A2475E8E690A6A120A1C8738E9AB043
                                                                                                                                                                                                  SHA1:3FC34F7528234B3E742AA663AF87BEAEB24CAB93
                                                                                                                                                                                                  SHA-256:D03EF27C14C6CEE113778D7EE58BFF5E73A13E10C0A0E1EDB4338F643CE98315
                                                                                                                                                                                                  SHA-512:86F6D824048E33B058FEDB07E9A6B21C63375215DCFDBECE19849BAC2FFB565560412581C738AF8A3A68D2B9861D62409901EDB8EAF120BEFB24E749DF347272
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):422400
                                                                                                                                                                                                  Entropy (8bit):6.017221022272505
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:N+YHT2qZA13BLfoSvVgOrVWc27Tx0dX9b4Eg4sEFWeTs:NtHT2NVBLpt/rVc0d9jWe
                                                                                                                                                                                                  MD5:0FB93000DE4FDFBE45B6E02DDDB8BE20
                                                                                                                                                                                                  SHA1:5B25812AF81C404D10469896F1E2A35E2F4EAA4B
                                                                                                                                                                                                  SHA-256:85D9C1747C7D9A5ADDDD189AF612779440AA1379935BA63FF73092D8F931B047
                                                                                                                                                                                                  SHA-512:EDF9968D28B9152A8823FC72A4B7EC057A4B3CA475EEFF1C8E5034439A86DD6AEF01062D4A98F5B5B5DD04F3A6A354CC2BFB8BADB3BD19B59B8FD22F0E5336A4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15230
                                                                                                                                                                                                  Entropy (8bit):3.4552851955009958
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:81hTCihxCBC4C+hyNM4MaA0+Jz1DqkHDOjIGZTwfL4OguIGDyKM5adcNBan:81zMiI9qQDfLrGXs
                                                                                                                                                                                                  MD5:C32FF90F61749F19521FFC062E7D7B68
                                                                                                                                                                                                  SHA1:90DA28DA380AE43820CB13B8158E6377B5F1F1D4
                                                                                                                                                                                                  SHA-256:7F123FAA16516BD63A017A26449E2188C08AE325DE8D91CC3A0B11299340F324
                                                                                                                                                                                                  SHA-512:54EECCD6F785B8C0DD4B86885CCED2B9EBAF5DA9E42539EF613EDC22316DB804DCBE576B786E013D346C6A8869E7464865B29BD44C303A9B79F0E6CF56C6F31C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Preview:I.n.s.t.a.l.l. .L.o.g. .F.i.l.e.,. .v.2...2...H.a.m.S.p.h.e.r.e._.4...0.1.0.a...H.a.m.S.p.h.e.r.e.\.H.a.m.S.p.h.e.r.e._.4...0.1.0.a.......1...1.2.5...f.i.l.e. .C.:.\.H.a.m.S.p.h.e.r.e.\.H.a.m.S.p.h.e.r.e._.4...0.1.0.a.\.i.n.s.t.a.l.l...l.o.g...r.e.g.i.s.t.r.y.k.e.y. .H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.U.n.i.n.s.t.a.l.l.\.H.a.m.S.p.h.e.r.e._._.0...r.e.g.i.s.t.r.y.k.e.y. .H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.o.f.t.w.a.r.e.\.H.a.m.S.p.h.e.r.e.\.H.a.m.S.p.h.e.r.e._.4...0.1.0.a...r.e.g.i.s.t.r.y.k.e.y. .H.K.E.Y._.L.O.C.A.L._.M.A.C.H.I.N.E.\.S.o.f.t.w.a.r.e.\.H.a.m.S.p.h.e.r.e...f.i.l.e. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.H.a.m.S.p.h.e.r.e.\.H.a.m.S.p.h.e.r.e._.4...0.1.0.a.\.U.n.i.n.s.t.a.l.l...l.n.k...f.i.l.e. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.H.a.m.S.p.h.e.r.
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8704
                                                                                                                                                                                                  Entropy (8bit):4.459657852160783
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:3Pcd6jKjyvB0qYqlxCrx3s3XLPVAM6xvbwcA8BRPLXE:fcdM75YbFc3XLPVT6xvsWJY
                                                                                                                                                                                                  MD5:39683C095A9A6A7680B8C58FEED6E175
                                                                                                                                                                                                  SHA1:BAA8944CD2028D780B59EFF0AB851A530D45D444
                                                                                                                                                                                                  SHA-256:DC31E232DC22C0080FE776EFD10FEA181E85835BA146A359F35E98FB93A2BC90
                                                                                                                                                                                                  SHA-512:3330FFC8269BA10DB9B7A3C40975963B65CE6246E19BCAFE0C43078DE0785080FDE00FE3AA18136D8538C4331402B7B65659467FDF4D8AAB1CF2978B110EA46C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):118272
                                                                                                                                                                                                  Entropy (8bit):6.28554773838068
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:i/J5mbTxI9aYAd5kUKVvbaHrgc6kZsylklKMtyFZf22YYPJiuzTl8ChbzE+S4AeP:i/fcVYaYAdQb/M
                                                                                                                                                                                                  MD5:F1A81DAD1718080BEA4D4ED4A63E5A41
                                                                                                                                                                                                  SHA1:00ECCD3A3D4E3AABA6A19DACA7C74E7F81FF0556
                                                                                                                                                                                                  SHA-256:267E8FAFADA203B6C17A177F07DC07E2483E9685856DB5922BFA16339AEDC5F8
                                                                                                                                                                                                  SHA-512:83A022F4F76D52648E45A7BF147C94C762F6579EDF2D7BB91F12AAA64DCC7F376E65733C3F9CCB2B2DB24E8AE81EFF7ADE0DE91AAE29DEE268F29EA3A1340BC2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):39424
                                                                                                                                                                                                  Entropy (8bit):5.908535881183277
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:b47D2YArZzKWTZbx7WsAHGaGlMoQ3dlnUCkndp7:QDlArhzZb5u3nUZz
                                                                                                                                                                                                  MD5:6DDD80E36F6E695B81537DBF1897178F
                                                                                                                                                                                                  SHA1:5185237F493FFB70AB9C31E3B608A4FD7FF6D32A
                                                                                                                                                                                                  SHA-256:A4AC15C9836431B62E4E460529FE475772906BBC3633E96D4A99811CDC684B66
                                                                                                                                                                                                  SHA-512:DFAFC5AE4731E1FF9F1043FAD8D0127A621C1CA0EBBD177354325EB5C124F0311E8662719328A2EDCE4D2E0E0EDE962F0F42CBFF6CCC273F2ADAF4B15B0CC405
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):89600
                                                                                                                                                                                                  Entropy (8bit):6.286511779859118
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:4u02xsPgBpw4SWjnuOPAOzKmos/qs7pzXFkKOr5c30n8lJi3l:826PgBpw6jn5F/osC6zXscdo3l
                                                                                                                                                                                                  MD5:F383CC5EDE515F3AE06C6B6B8369B02B
                                                                                                                                                                                                  SHA1:4981675C6252593E27F0E2E7016D7E4B752BB51F
                                                                                                                                                                                                  SHA-256:1070F99ABDD1E038AF00A181371E03DB8E1DC345F86B417F4B02FA271FC0C146
                                                                                                                                                                                                  SHA-512:E3005C06A3D78B56BF5A5A2A88E4099EA852D514CF6DDCD01B02F9A8257CA2AB296A2B87F4246628B386C15A20162746AF75B39F15AFB20D3952E1B1F1E3F9FB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1166848
                                                                                                                                                                                                  Entropy (8bit):6.619601240406924
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:EMH7GovQLoJmxqhpfqJwo+on7pKhaBS1YEpx:TPQ+haUYE7
                                                                                                                                                                                                  MD5:7B3E03A392EA7F2B05C8CEB0D3B5AD2D
                                                                                                                                                                                                  SHA1:33A0D163C08F8DFA4F26567CC6DCCE6ED49F5F00
                                                                                                                                                                                                  SHA-256:DA6AB68BB931DB2A1D01B976B288FEC4A9E707A1ECF8BAF564B8587A2766DBCC
                                                                                                                                                                                                  SHA-512:9145C7A6617147072FC584E5883CDCEC69DA4D0C3293E8335AA4EB8F8F7C36EFE34557BE984DBF0FC384BD9542D2858BAA94A979A5C43CA9D9070766F9E816CB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):53760
                                                                                                                                                                                                  Entropy (8bit):6.013689296391093
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:/TmEkk2tUOeePiHrMTrFqYDA1hucE6QTOqkNcq2HrkzzEDDXnZWomO9YFV:/SED2tUOeyigTrFTD+yrkorkE12
                                                                                                                                                                                                  MD5:E61465AA72082EB42940FCC8BAAAF33B
                                                                                                                                                                                                  SHA1:63D628216DE9B088B0802EFA6C2AE3D8DF7DBE70
                                                                                                                                                                                                  SHA-256:37435E2ACD14526F0F8088295B949847BA90C94FE128B5375D143EE33531A668
                                                                                                                                                                                                  SHA-512:8686B41B6559A9AE292FB51118E94D9ABAB6A760A1555FE83A5D42E8C61BE5AD0A0D43A0E435D1E2929EB0A9D089EA7891FDCEB1ABDBDCC59FE0A7F86CBDC907
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):135680
                                                                                                                                                                                                  Entropy (8bit):7.301402326718001
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:gW9R9NLmki8sq27W5ALJtiXuojGylYCE2Iu2jGLF5A9bE8LUeOqcjBic:tY8sXS5AziXbGgYCE2L1F5A9bEGUeUg
                                                                                                                                                                                                  MD5:8A7C960AE3C5E9DBCAC2AF34A097DBB5
                                                                                                                                                                                                  SHA1:C20A2783C895643D55696DFF476738AA244E3A0F
                                                                                                                                                                                                  SHA-256:06F3C5E47898CF333828B56B333485D6EE341028B2A9F19F3B96083BB79ED502
                                                                                                                                                                                                  SHA-512:DE748D1279B1A9E62E1EF032C62A7F8CA1CEC798305B720B659CD5748E51E6EB150D3C09ED9198CC09A7A5C5F2F39E23E11BC0ADF8F9372C38849F697B99D2DD
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):215040
                                                                                                                                                                                                  Entropy (8bit):6.403531677347015
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:o4HKhqP1+hbDG32UL5swgZeGkQEu1AkFGMReiDq93awOZHTa:jKhqPghbDG32UL5swgZeGkQEuJGSmaw
                                                                                                                                                                                                  MD5:73D99057ECC7979E65997937EFDBBC81
                                                                                                                                                                                                  SHA1:D58417D49252FA5944BD7BA55BA8984642396D75
                                                                                                                                                                                                  SHA-256:F97EB43C03AFB33572D8F678E2E3201A1DCD5A4CA3785653F1F0D5047BB911A6
                                                                                                                                                                                                  SHA-512:61644E6323B80A630E80C2F3151CCEEAF6D22C8824920A369143085F02B7AE006DE5778E0C9EA948A16F42DDF2024E6D1F4B351F6BD4F8262AE8B032E99F1CA9
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                  Entropy (8bit):5.283728655692618
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:LmlKk5HhJyafpIJENAxJ/O2pSSy3X3PVR6ywmxjzqp4d:ilKqHhJVpIJd/O2p9enPV5wmxym
                                                                                                                                                                                                  MD5:1EDD62010DA70E07746C8BC4EFABA7AE
                                                                                                                                                                                                  SHA1:5DF539F4B4D74909A96C9606CB46E67BF2B76DEF
                                                                                                                                                                                                  SHA-256:D5A436E032F727C879EFFDC3C5F383388CDEAF8F4B4486D48FD7620C743EEC7D
                                                                                                                                                                                                  SHA-512:416BA1783868850402ADAE9005B132B877DDDF2FE0D4C65888B0977BAF437E6FFBD90ED2F38A20105D34284E4B1D7BAE9B6334138169614D4110063DC7F43A95
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):44544
                                                                                                                                                                                                  Entropy (8bit):6.236408320973782
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:lWhDGnhr+CTX+fM3bgDxqI8HyKhmiIZnK1/ODJfsScUzTtAwbADVyktRrZT9ixHc:AGnhr+YP5yKhmiIM16ZAwUhdRrZT9ixQ
                                                                                                                                                                                                  MD5:86C0A4AAB0B4BD1ABA1FA989757714A1
                                                                                                                                                                                                  SHA1:3F1AF2CF34C4C7D55DBAD56960FE703AA375CF1C
                                                                                                                                                                                                  SHA-256:5534992EA97B7516737F0C6E242C1C6445E966E9E1EFEF8A8BEDABCBB42D3E9D
                                                                                                                                                                                                  SHA-512:172DCD3362596C8391C94807E3A4DD2A1F6B9A53DDB79F4764CF8899931D06D511FCAB87AB7F7B2DD3A57D0A4857283F3362546E5EB260BCE2414C47026EFC8E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                  Entropy (8bit):5.518551384267177
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:OMDW4OKS5aPrmsbnKMR0yD5wDMGa3X4WAO0PVlA6KicCgI1wG:xDWwq8KMR9D5wDRWIE0PVl+iWS
                                                                                                                                                                                                  MD5:B228204CBF0E33C3498B3C0D1D57A678
                                                                                                                                                                                                  SHA1:F8BB589AAB2900DE98B85D4555EE8E3CC37005A1
                                                                                                                                                                                                  SHA-256:62C2CC288081EFF11F075BB3717E74D6DEBB6BCCEBC588E5E37178CDE7C6A059
                                                                                                                                                                                                  SHA-512:287086C87DA6D755354CF28408141706559BBC8495E334C484E42BAE194767D3CADA018A6F2B499493BE873286D8F8663B0883FEF55F687692D14DDF781791A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):73216
                                                                                                                                                                                                  Entropy (8bit):6.552812735537651
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:f3YtMbjWDmB/IWiWtl7zA4Y6Vr6EbYgYDlE5m4pIC5zZ9uTxc9:f3e8iilIel7zAz6Vr6MuE5JnZcTxu
                                                                                                                                                                                                  MD5:ED56EC14C66AD19AA36AB6F51157158A
                                                                                                                                                                                                  SHA1:EF11281FA49F39E7CEFB57A96B5138B0058F7814
                                                                                                                                                                                                  SHA-256:870BAB08FA48BC4E97016C86EE398690C434BB38442F79E30595E293BAE46CA5
                                                                                                                                                                                                  SHA-512:15C8CBCFDA6C0DEE2D5A328C28F7BF211BDE9904D76EE7E007A5BF8DFABF40D5A2B701E2087E6BA5C801969BC4A5F723A445412B84B25BD0846D068EA025196F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):7680
                                                                                                                                                                                                  Entropy (8bit):4.59156317740863
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:An4VZi1lKg1+vB0qYzVucv3XLPVAAD6xC:An4VZao75Yxucv3XLPVlD60
                                                                                                                                                                                                  MD5:DF5701F78A8A4D777B16C3561C2E71F2
                                                                                                                                                                                                  SHA1:0D990DDDA6B2EEEB585A114F9EB08AD00EED2D6A
                                                                                                                                                                                                  SHA-256:3D35C633B3B40CF85433893F8B0C303DF9DEADBDF538545D882A81D9813EA60F
                                                                                                                                                                                                  SHA-512:CFBA1DB5EF800428E9FF23B95573542DAAB095B7880E17B3572E724EC7DF3C7DEC47F3DFAEFB97876E39DB3FD825315ED72CDEE53F1E150205DA8A12E71AE834
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13312
                                                                                                                                                                                                  Entropy (8bit):5.730700707044691
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:0KK9tEJPFZZFlWcAxA/OiMoUqLuJdxA6W4/UzL2Hiftq5tB3X03IPVR6ru986M9:Wi/XzSHiftq5t9E3IPVUu98j
                                                                                                                                                                                                  MD5:956943B96C1786DCC2F68639AAA7EF8E
                                                                                                                                                                                                  SHA1:4F71B3BC3EF81779298DAB77B6B52E5AF9A8A536
                                                                                                                                                                                                  SHA-256:C333C02735C9117DC8968BD95B4F55F599043B2D56A61C31FF858BBA1F7C7EAA
                                                                                                                                                                                                  SHA-512:CF1A4C663D664E85D720763435162E5A460B8C8CF8F8E48616F524FC35C18DDCFD6C10ECBB48D22FAF6E6AE0D14C41DB8D8C2FD58F602384FE7F89842E43B1E1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):139264
                                                                                                                                                                                                  Entropy (8bit):6.573345838115619
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:jRJThel5DT1FSioi+VpT6LaZonsE6YL6Xqaa2be/GboVI3r:jXTheLDRFtIpTmIG6Xqoq/GUVI
                                                                                                                                                                                                  MD5:CADEC145FB70900B9FC9BD599A1010B8
                                                                                                                                                                                                  SHA1:A9EB29E8BF8415CF74C3B7ADDBCDBFA52B838F15
                                                                                                                                                                                                  SHA-256:FFB50D4B8B4A6553D61FA1D895DE10E1F4F433D17AC082D4B141A515CCB432E1
                                                                                                                                                                                                  SHA-512:8B80EAD84EE5D647F9BD9F2F189095E0535C203CEEBE665E60E0BD2C2D6EF9F72F214C9530DE3B61D31667A6E083ADA86FD645DD2F51305F949C383012092D00
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):24064
                                                                                                                                                                                                  Entropy (8bit):6.182365111343781
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:mg2t08Tk3HWgnbSVMm2PfyPoNLIuJAAHR1d59Vz8RPGHISQ6:mg2t086m2P6QIuJtdiR+R
                                                                                                                                                                                                  MD5:386D64ECAF41A6BD61D20DD139A49B87
                                                                                                                                                                                                  SHA1:6D9F4AB69A6F3B5F0EE265525DF6345C3E8E70FC
                                                                                                                                                                                                  SHA-256:BA97E3890310F81880105DE504A35392BEDCCF3BEC8909EF369DD35B3E8039F4
                                                                                                                                                                                                  SHA-512:20AD4515D6DC0C1769278D7BFE1A8E1D80A6BC12AAB594A707DF9B1F49CFF8BC631E5E42528E813A46780D9AA4CD241C23055AFD50C4C78D3FC8EFDEEDFF0779
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):20992
                                                                                                                                                                                                  Entropy (8bit):6.151092053605889
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:gLWeRk48ZWH/UHCHofI/22ZhP5eH3Yi28YiXgx9YAfK+lNPmmcqg3upDOsHaa5WV:gWeRk4wWH/UHCHofI/22vP5eH3Yi28Yy
                                                                                                                                                                                                  MD5:33B8DB0960F5073C0979A9BDEA1D8A2B
                                                                                                                                                                                                  SHA1:959A64F0DE6BAFE136B7F5AB6A8F64D115940827
                                                                                                                                                                                                  SHA-256:37A4408B38AFF39072EC9E36F9E9B1648E93F81442CD47616EA27CD2472B5D28
                                                                                                                                                                                                  SHA-512:85B53253DD81F13C63C5CDE109903AFCBF0973B98EE99C7EF976022EF8A43A8E2B4C42ACA51A27588A44ADF551386A0014ECEBBB474239D841D10783F411F887
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):171520
                                                                                                                                                                                                  Entropy (8bit):6.713533838209036
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:6SPXPpqQKtpdhEnGoUsNynNmV1h9k6tKJ9eD1hUZR9GoAj6n:jPBq9tpdhEn1AsVn95KrOgZik
                                                                                                                                                                                                  MD5:E48B49C6E66F41EDA51190E0B583A061
                                                                                                                                                                                                  SHA1:CBBF2F097E4E49D6E9A34B7A97EC26F74886D1B1
                                                                                                                                                                                                  SHA-256:25F4BE130D5C42036243EA5998E934BB161F950D162D1BC81012455D7D9970D4
                                                                                                                                                                                                  SHA-512:C39256DB95D8AC407291FFD180A8F586671AE24743051D276B65DB7F3065467670268AD6BD22EBA9572BE2E085CFFB56A81446A9E3040ED00CB88066AC60AED0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):567808
                                                                                                                                                                                                  Entropy (8bit):6.4656952651270165
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:mVnmX48vqmyOCpdCuacbc2gRbBzh38IHH07WN0avhwzENw3sMaX40RwfpxCOPkx:QmX48jyOCpdCuac7gRbBzh38IHHqWN0s
                                                                                                                                                                                                  MD5:47DD2E0057542E7005015D8E1FCFE941
                                                                                                                                                                                                  SHA1:EA7A33CB8EA02B1C4F8C756CC5D49C12990FC060
                                                                                                                                                                                                  SHA-256:9CE616101F6A77BC22B9CCCD08B4C143BA522319306A65AB398C51C30AEF2EAC
                                                                                                                                                                                                  SHA-512:CE9BDE35D34CC266B5409D74764727D025D0B2E764DA656CAC53105229EAC97C70075E496E1907E2A8545995DABDFF90ED91B66D8C247B43F21DD4EFAF1DF917
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):770384
                                                                                                                                                                                                  Entropy (8bit):6.908020029901359
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                                                                                  MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                                                                                  SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                                                                                  SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                                                                                  SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):69120
                                                                                                                                                                                                  Entropy (8bit):6.483356465935982
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:EaBcM7cFyPU4p6pdWG6T61H+7QbwWiR/OAY15peHD4E:EaBPcFJq6bWRQy2AgDpeHD4E
                                                                                                                                                                                                  MD5:0C7A8B3AF36C4CC9731C46B20DDC0B51
                                                                                                                                                                                                  SHA1:286A24625B484821CA29A290FB4D7384A65FAF91
                                                                                                                                                                                                  SHA-256:1A53E1C7678B77C7EB620D879BE0B816A7AD95CD6DFB9C2B5D4861CEF19FD469
                                                                                                                                                                                                  SHA-512:802B9026E2FDA6ADA628C14E14503E6EF05D7DB31ED329037857E2876BA0DCFEB5C8CF833AD34521FDE84F03BBC6DED266E597FDBE8D1FDCD4EFF8DCB282A963
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):43520
                                                                                                                                                                                                  Entropy (8bit):6.240644829601887
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:+rv84FEnfcrrGxIg58rOekJMcy/BT1nnZukZBtMsBqv8oxwE+8Y20PmM+s+HI:q84FB2icATNZudv8oDV8mM7p
                                                                                                                                                                                                  MD5:A67D5A69FA7C530F807E13FAF316520D
                                                                                                                                                                                                  SHA1:ADAC264B91A8D47D2A0AF96CA1ED2643445E2AE4
                                                                                                                                                                                                  SHA-256:1A9E2AF0C198176CF36B3767DA22DFD7B524D94166521462FE49544F1B5BE0F5
                                                                                                                                                                                                  SHA-512:D1D9CE8C2C1B59FFAD1D826EC324C53D7F4FE7EA6A6E36E798E1C85D1CCB826C6C64C67DAA2E5CD0CBCC43A9213BFB48CF8B8FF55DDA9CCCEEF368D21098D5A7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):117248
                                                                                                                                                                                                  Entropy (8bit):6.5632166571305595
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:3/pu0tOkLddn3Hq2/+IQRndRnoEHJClgKptxG0ULtt1vhMYW67qD:xvBdnXQRnrpCPe5vh3W6qD
                                                                                                                                                                                                  MD5:81382B6406DEB11CEA4A5F873CD27D3D
                                                                                                                                                                                                  SHA1:9D50766FBB0C0CE740F2ED22CE21A9C833446441
                                                                                                                                                                                                  SHA-256:0BEAC9863E878A2E32E258F5B61773402538DA99897C1E428196058C2B90F2EB
                                                                                                                                                                                                  SHA-512:C2108E8328AEC8AAEB722097266167787B6CB63DEB878A8924E8CBB875277224A69EFABDC2F2E724C2A35910DDBCF9E3EC4B0D4CBC008A2E33A4F4CEA1C9C85B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18944
                                                                                                                                                                                                  Entropy (8bit):5.859014985380453
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:9zZvp8XxZBWl0jkpFUvVx7QW2p+HPWDlFh7gIHzIPV5a2lWWalJ:fq3U0+UnQWi+HMlFnH8d1NalJ
                                                                                                                                                                                                  MD5:53E11407864AA1AF2C31ED969DCAA0DC
                                                                                                                                                                                                  SHA1:95E6E1C6D243F72EBE59F95348D84DD5F4440CBB
                                                                                                                                                                                                  SHA-256:3F491DD43F31D8B0516F2F17367DE5F777D5319DF6A3F4021122B5FDB49D82C9
                                                                                                                                                                                                  SHA-512:001201FAF92CCE7E0195A55A43152A50FF8F2139F18B822310269B3405DEBFE2CBF7D7C444AEA781C9645270215477717ECED94677FCBE12D96F7E2EBD04CF8E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):186368
                                                                                                                                                                                                  Entropy (8bit):6.732681131862648
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:67zjPWh+NLCB8xVIK6FS/XC8HiSwy1SWL+7fVv1fSqJJ2qIcWYEfQQxIYh51cdTA:6bPWhyIJwyvSwy1fUf7ssnA
                                                                                                                                                                                                  MD5:9C1287D55CFF110E2E3ADFB3A630D0D1
                                                                                                                                                                                                  SHA1:397AC4E3C98B2F6B6B954A116B0419060342EF50
                                                                                                                                                                                                  SHA-256:600F2C668CB040CEF89E7326F38D409F9A7747C4A9B9C92E614226C30DB230F3
                                                                                                                                                                                                  SHA-512:DE1D54523F9600F860904C5848B5A05AC4D58A5115E43EA0B0FD58131A54D1B9B37797C1F3293B76C0379CC5C384C0130E3958733519CD9C926A8F21B3176D01
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                                  Entropy (8bit):6.131563950511813
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:Pokz/J7J/St/P+JqUQY9KeephppwvD/UTj79yNkfqqi0tOndwnDH:Pokl0t/PMDQY9KeephppuC78QqqiL87
                                                                                                                                                                                                  MD5:33B2304B77E5F16D1BBD475B83D48080
                                                                                                                                                                                                  SHA1:C36FB46EB720D5E5590A8EA32BCADAF6B35B64E5
                                                                                                                                                                                                  SHA-256:A323AA76CFDA36DECA64493CA102B1D6B8593F930E94F708A4F92CBF4391F1E6
                                                                                                                                                                                                  SHA-512:3A2CC737C2DF2A2536C48D9D7AFDD81EBA44011539CF0644FF3ABF281E0DB8C8AAE088C737FE5ECBA088DF5256EC3B894D3338B56C1FA50349BDDDFE806E14F3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):139264
                                                                                                                                                                                                  Entropy (8bit):5.895382077185929
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:0zBGwXrzhWKfwZJM634fCC+8siEYbTuuPkpDs2bnToIfP+IOfIOn03GLcmCP:+7HCofoRgC6M1TBfPsRn0WLcmCP
                                                                                                                                                                                                  MD5:CA1C3FD1889AE1ADD5B727789BCB5865
                                                                                                                                                                                                  SHA1:A07CE4DE9867F571FA697534756D243F896633A1
                                                                                                                                                                                                  SHA-256:F37CBF61E657300F0E474ED843D2D348BEE2EA15B51FE7C92BD6900B33DCD2C9
                                                                                                                                                                                                  SHA-512:D3A4FBFF7A25105F3FC737597795347047E8F1E6166F8E341F7A6F1025282F7D6F060D556B107AC32952AA91572D67AA63D53EE7F2EC9436D64BE94C4AFC3DF2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14848
                                                                                                                                                                                                  Entropy (8bit):5.720638921785439
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:70DI4xMHoOo07OS7iWpLEiGTHb6hVXbS7JbGGNET7T7T7T7Z1FoynPV5ft:70DI4x1JuOS7iWpLEiGTHb6hVXbS7JbE
                                                                                                                                                                                                  MD5:6711F93E4074A7C99D97830F7AD399D9
                                                                                                                                                                                                  SHA1:E6D92176727588645AF5E8CDB3EE1BC8C91AF599
                                                                                                                                                                                                  SHA-256:E286F7AC5F47B35DDB17C23D1EC1564BCB50514F8DEA589A40F646E89C433D44
                                                                                                                                                                                                  SHA-512:81C4135DCE58AB33C7283933B54637E9580D60F53A797D276454727497BCA19A37F48ABBE8D1BF87F5CF5186E24D5E6D5F304D310394F45FB2277CECD0C2F887
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):67072
                                                                                                                                                                                                  Entropy (8bit):6.738049188030345
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:l1ds8TDMNEyjp/QsWjubwrPtUZEnToIflWIO/IOmr:fi2MNR1agKGoTBfl0xmr
                                                                                                                                                                                                  MD5:6A33E9A6DFF6D306E58C9AF96993EF5C
                                                                                                                                                                                                  SHA1:F85411CA37710A55385EA6B0A6CD98EC6E801113
                                                                                                                                                                                                  SHA-256:7668F9412749E88F8DBC1C99ECF723BFE492A2BF2A4E494CBBA205524C23B1CA
                                                                                                                                                                                                  SHA-512:973826013753DB61F700D48C902916CE6C7012E0792E3613B4C9313D4DD1A10C00BDEA4124F6B39C5045DBF8C3144F47E891BEC31E85DF4C086C349E8F0B5527
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):13595648
                                                                                                                                                                                                  Entropy (8bit):6.491042876283522
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:196608:V7E1auxGq5xEQmH7A7OTxZb8n0CjWRuGivInyl:V4abq5xO7cOTxZbM68GCl
                                                                                                                                                                                                  MD5:3C4A192071795F2B76AFE78B85D24DD0
                                                                                                                                                                                                  SHA1:4489BCA72759B9F799B73D315AE0706DFACDD621
                                                                                                                                                                                                  SHA-256:25F98AC4430D9311C6BB35737BCDD202CD3000D4E3348A869B1A3CD08830D017
                                                                                                                                                                                                  SHA-512:34C2A5C96EC30CAC7EA4E6788E0A294BBF097B49D539C7E0CD4E30E8CEFD9A944610341868456905A2D3955B507A425310A984F0C918F7D7E3F3A03871BE5CAB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5880320
                                                                                                                                                                                                  Entropy (8bit):6.380297546900943
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:UWcCqp2pd5r3mu2PS2sk09urIpnS23bnnbyrrNaW/52PJHQF7QporwXKQci3H7:RD5r2uk0kaurIpnSPM47Ggn4L
                                                                                                                                                                                                  MD5:CD726C9B1BD88AD845407B72200DF299
                                                                                                                                                                                                  SHA1:E7BAA1D08D9655E29536D2212EA95396CECEE505
                                                                                                                                                                                                  SHA-256:A270C7A41C6EA3940E2394AF9A63253C4A3A8682B27C583E6A38CE069A9876FC
                                                                                                                                                                                                  SHA-512:99B7B066D8A82FDF188E72620ECDDE3F4FC3630AD30F8C4097BC4185DF855A655D13B2396581DF4610F058F40A93E32A165A26FF08C9826E36D9FA748722C0FF
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                  Entropy (8bit):5.943345848995745
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:fZfMbejcZMWOCnXP/LMLsStHJNgkelYGcY:fZMbe8MFCnXOB4l9t
                                                                                                                                                                                                  MD5:F78B613ED0E30B23CCA7BFA4D6832D90
                                                                                                                                                                                                  SHA1:5B7C1592E6ECC4965E2B430312A2E3B3B68EAA9C
                                                                                                                                                                                                  SHA-256:4F3C8838DA400BF0D6EC25769955015A692F0CE5C349241A1FB9DB5111712AA4
                                                                                                                                                                                                  SHA-512:E2D2E12530DCC37D43276C36F5ED33027769AC45A5C4CE6944FAFA09169D5C58755C6866C213ABE382EDFE822DA3F368F3332BFBCADA2B4FEB061FDDB1FF3293
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):128000
                                                                                                                                                                                                  Entropy (8bit):5.607668279954318
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:vlO5M4nHb/1saf4x7iIvTUTIkrVr5oKug:Yfsaf4xbvTKqg
                                                                                                                                                                                                  MD5:BF4573B1AC8110EEBF6D9B8F88661854
                                                                                                                                                                                                  SHA1:0C13C5BE1C9A4EDECA42AD891A5B0606A3EAD87F
                                                                                                                                                                                                  SHA-256:5A8DB5774FEDCACADF44ED1622A81BEE4F56F0C49C8EE776C38C02F432D391A8
                                                                                                                                                                                                  SHA-512:19B11F3DEB9EC8E5D6313D4CB5E77D143FB22D1C4AD72493B5AF541F25832B0E2E28F80A574D8AE5EA54849AE8CF2A5B0F0DBA037828E7EC18959EC72C707C46
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):73216
                                                                                                                                                                                                  Entropy (8bit):6.128857661677454
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:2tGWVrzcHNaDHMtGOixZ00IHbVpURa0UdkMgwbgXvXvngN1KZl:JFsMtox20IHbsalkMUfvgir
                                                                                                                                                                                                  MD5:33ED5ACE7F6633E55F294D1F365FC94E
                                                                                                                                                                                                  SHA1:60BF1803B1C6FFF9EE9939500D3D2BC1AFA8B433
                                                                                                                                                                                                  SHA-256:E49AB372A8BC69E840C9147CB48B5079371BCC10AAC4A963ADCBA67E2E495835
                                                                                                                                                                                                  SHA-512:7C979880EFAA345B46B2B88945C22CED563D30739732ACBF460A927D3F76E55FEB3D450CE7872B1379C7BD7D763E13FAB2DB586A7F870FB16379A26792CB0A44
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):498688
                                                                                                                                                                                                  Entropy (8bit):6.1321226764231085
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:jjMSnxI5ymhUkIqymNtPtY5CkoWh/j+PxVoFTBpbvh2A2knZTIQv4rfZh8E+dBbb:HPnxI1PtY5CE8xljQKO
                                                                                                                                                                                                  MD5:D14068B5433BBBAF363A160A93A72B1A
                                                                                                                                                                                                  SHA1:8DEEFDF5031B4FAFFB70032C749681DE91687FD6
                                                                                                                                                                                                  SHA-256:E1A1565FE13D490115505AB748D141D50AEC3FAA92BE8E6CE297D27F1721AF43
                                                                                                                                                                                                  SHA-512:0D826638DD2C23AA88B390DA5738ADE36AC06C98C8A4290FF71B3C4C9CA81ED9E33926EA917C54ADD43AB16E6B947C2B32B43048A30DE76C5226BD25246C095F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):18079744
                                                                                                                                                                                                  Entropy (8bit):6.299343884427421
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:Xe6mUefdFTVB8BIjIRpCcOq3+55n/mlNAIfp0bI1NmDzg4Qm6w4ejiOMjfe/w6:XhCdTBZ2NBO8NAIfmbI+DzgPH5ECef
                                                                                                                                                                                                  MD5:125D50C220B482B6E3CFB4E75CF94D60
                                                                                                                                                                                                  SHA1:3D8FD2ECDC9FE37839A9A6E585A94D2560DDD187
                                                                                                                                                                                                  SHA-256:0B83FB70545F18E1A40B7E27A5C1423512945009CC605FB5F2BB745FA2DEAACC
                                                                                                                                                                                                  SHA-512:30149F7B16A5E85EE626CDA1EEBABB016301888D7527278C40D81C004C3A0A09EB95F0E3EE59EAA20942422B433B0303B2201A27DD9448D698E54AA167A9E84F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1526784
                                                                                                                                                                                                  Entropy (8bit):6.182041195277599
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:OnlOa6CvurRAIzSTv7DAUqkTPZ0bmV6HAClVhSoIAvC+R8BQuVR1Bz9Vfm3HrU6y:O7kIVDd99WHrU6rt
                                                                                                                                                                                                  MD5:4EC9EE6C0FB099581013112B03DBD8B5
                                                                                                                                                                                                  SHA1:956D0D180B7BF39011C7219B32FA0697A8095EDF
                                                                                                                                                                                                  SHA-256:A19BA8D16CCB8336F8C412009B392E19CD242BF59387EDC51D7BFB540103BBBD
                                                                                                                                                                                                  SHA-512:D629A3B4607C9B81C587A1B2CC8F0A00193CB6BF322E4AD95FABCA642217D83944FB1BC71732B8A0BC3E9B8C97EDE6B588CF4378784708ED8BEED1E25837F0E4
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3823616
                                                                                                                                                                                                  Entropy (8bit):6.1376002725174175
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:/3Zz+Jziwua6uGu7mzsTkamCSHRexDTXUAULU0CiVLDmxOrN:/p+JznGu7mzsTkXpHrl7CiVnmx0
                                                                                                                                                                                                  MD5:668598DB2FA04C0C005BD66E4E28AA12
                                                                                                                                                                                                  SHA1:E43064B2310E568FEB346F096AE4A7048F711F20
                                                                                                                                                                                                  SHA-256:30C5502A80716D3E18577076924B3F8D815AD2FD2875B28BB4E6C0C861863F05
                                                                                                                                                                                                  SHA-512:30384A1052DA24A8E1879B9550DF889FD52835A7CEE8B46975A7F7DC2B6B4F27CE26E0F5A81F09CE39BB655D6FC0F83A64CF81CF2A60EE12989EDA3EE501B973
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1511424
                                                                                                                                                                                                  Entropy (8bit):6.28951003176768
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:eYeibbNN5SxdKLhbRyq8nP0f+KOJ9gIcP3Qsf4DS/tnsj:hQdKLhbcq8nRvy3iqs
                                                                                                                                                                                                  MD5:9F99D9D7B0ADC55617D35A4C6C021AC2
                                                                                                                                                                                                  SHA1:78E14267415D4D98F2FEB72446E59A4414EA1107
                                                                                                                                                                                                  SHA-256:D8D9FAB1084BB01DDFE66F3B6A95CEDAE621495FBE084D4F908FF8F7DC4A7CEB
                                                                                                                                                                                                  SHA-512:760C9CE40DF042C991C085E60F2EEEC5D46AADFD2D59431F13FD7B2521D38DB103934AE50F746AC755C207081CACC66A81DAFA51DFED64BDFE6022E362368C56
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):93184
                                                                                                                                                                                                  Entropy (8bit):5.949375795688946
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:ndHYYhDvgJIuVXKBCqgoAOUROLXiGvDpp25vEQYtfGpXuxKswQHjQDSxaDeHl/uZ:dHjDv9eKBCqgoYRObiGvDu50tfGpX+wD
                                                                                                                                                                                                  MD5:1223070642C4D1D73A1B7E5ABE457777
                                                                                                                                                                                                  SHA1:5958DD3EEF6DC08C28710DFD98100371CBED06F1
                                                                                                                                                                                                  SHA-256:1E9BCD76AC82993A1633373D58939763CFD722FA570D66560ECFB6CD4E125E35
                                                                                                                                                                                                  SHA-512:1845F093DCC690ED8C3E9F438615D9A4C94880E1CA9320EA733DB4EFECA3B3016297231461A7FA942E9A8CD4977BFE649CF939016D04A272DCB06EC4C0F94CAA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):537088
                                                                                                                                                                                                  Entropy (8bit):6.143430823956798
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:di/SP+aBbxwOt7iHhtczpx+qnlPPZ4K3qfLHdsQfTeDBSykja25eWBReRKID1Qc2:wY+0Nt7++BlBiMUjjAoixDv+f9
                                                                                                                                                                                                  MD5:7FAD65511228AC171A1B93EC8F127254
                                                                                                                                                                                                  SHA1:1979B023C7009ADC45626C3F9358F77D8784A201
                                                                                                                                                                                                  SHA-256:E2510F4F903CB4FCBDCDCC4C59E2FF1F3BC70A0C2C601FFD92DFF43F7C8140CF
                                                                                                                                                                                                  SHA-512:EFE1FBA57D9AB2485457C20CDAF8EAA25D9D776D32B04194B7319B5E01EB7A540B901BE346B3D3421B3319E6631EF6764E5F5F1E2BD00D72E6A57F5BE5B01954
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):267264
                                                                                                                                                                                                  Entropy (8bit):5.997305063650174
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:8j+mbZVaZHQyLSRd+IQFC6j/RQLx2h+pnSi9ZLS:8HbZVaZHnWRGnQLx2hvp
                                                                                                                                                                                                  MD5:DD86E9EAB0A5E2CD57810AF5C339D7C8
                                                                                                                                                                                                  SHA1:3008A0D93C7A505C133B7E4BE7148F8681BA7805
                                                                                                                                                                                                  SHA-256:E550D76B7AF647D917BF7EB5BA4CF0D12DE68CBE29F1B40659913E6810808F20
                                                                                                                                                                                                  SHA-512:BB48214DC098828977B104C73E1582288E8BB277C2E5D8233148C883E6EA6BCE28418CC55C43F91D736AD53A72EA60EFCB267330B1014C5A128994E8FA54C419
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1350656
                                                                                                                                                                                                  Entropy (8bit):6.442619627903716
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:4eUj5rr/hnBXGJPfHw9E7D4fCi4D2+Fx9wqWB2JMIKHpROEI298DNbm/82kWuuhN:49pB2m74a+xfKHpROEI29wNbm/82kWu8
                                                                                                                                                                                                  MD5:1DFD18888450C4A064E998979B4C7E6C
                                                                                                                                                                                                  SHA1:F3CC1291A1685891F999D55EE6CC5EAB0D534670
                                                                                                                                                                                                  SHA-256:AFD8A24DACAB4E537B0D313DB4C65A4D2D24C9154C81FAA8C37EEB6629E1EA6E
                                                                                                                                                                                                  SHA-512:01CF5CAE417E8D58588574C831B7F46FF14F1A41896CF796666A57FE7560CF34729A2E7A4A8710601C2CDAD53949CB4FBE402F7432C49D46F0CD95EB688C6D5D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1827840
                                                                                                                                                                                                  Entropy (8bit):6.043149795406691
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:Lc8FywuRNnnlO7vQarW5k4zWoi84VSy/xl38dk7HU:70PQISpSy/Mdk
                                                                                                                                                                                                  MD5:32BA1158E45C9516954F26207A8FF138
                                                                                                                                                                                                  SHA1:AFEACCEDAB640EAAC5CD0D20EAB2ABB5FC77DF91
                                                                                                                                                                                                  SHA-256:A54ED8B8B129FEACBEC1A5C875004A59A145AAF6CEF1A91F61223CC70CCCF516
                                                                                                                                                                                                  SHA-512:60D829C10C04FC50961E9FA822D47651B2160895764569B848C7F28DE0503417B491FE429D2B759A5EC82CEA54ECCB90D34F7DCE3B0BCBF55B28C5B2C19719DE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1099776
                                                                                                                                                                                                  Entropy (8bit):6.315073777539011
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:pCFQtBivL1WLRm0XhWrpZgxjHSbyvI5b+MvHAhvuQ:pCKtBiDOs00gxjHSiI5bfAFuQ
                                                                                                                                                                                                  MD5:3C36A7E18C60040EF0B244007309D52D
                                                                                                                                                                                                  SHA1:B593F1D30DB30F1E968BE994DCEF7196C49DDE22
                                                                                                                                                                                                  SHA-256:CD4F60E8310596DCE5A76C4017C3DBFDD9F422E3E71CB575FC5AF82C93CF408E
                                                                                                                                                                                                  SHA-512:B7965883EB11DB7BBC80DCA2E9700683FC2959B962FBEE63DE1A2227FE341F7D61AED2DB2CB65E14EBE57473ED2D087140324F028A50B9D1807360395A3289E5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):590848
                                                                                                                                                                                                  Entropy (8bit):6.269305879391264
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:ji4Xjdq2IZVe6oyhd1w+/I/XW+ydD8LaFuLA6Pecxw6K+6MSEc9es8o7Yng:u4XjwHVe0KoI/XFuV4w5WhI6s
                                                                                                                                                                                                  MD5:A8967CD8219485E5AE50FBA6384233F3
                                                                                                                                                                                                  SHA1:9B9D925DE0EFFD3D3D2B861868DD3BE82360833C
                                                                                                                                                                                                  SHA-256:1CAF2456E8394180CF5B0EBED01DC8704D07018715F6DB218AFBE112BA4BD091
                                                                                                                                                                                                  SHA-512:12402F809AF14C53A847C6D3336E76A20192AFF2141DCA609FB78F05C5B626BC2CD926C63700646266AB2281BA44C1E21F8AEC6ABCA51D46C608697C7081D513
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):737792
                                                                                                                                                                                                  Entropy (8bit):6.16528832418123
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:W+jddFAoZXwJ2Iie2jv5AXfXX5m5fGNmRnHoS3X:W+jXFAaXwJ9iesv5AXfX8GoJIc
                                                                                                                                                                                                  MD5:D60FF4EB21265D1147D6A63194CF9915
                                                                                                                                                                                                  SHA1:E3FB0785F4321FBD57400F81A0015A3ABC5616B2
                                                                                                                                                                                                  SHA-256:F5D8C2F82E970FBB722FFAE7DD7C327651FC79F20E5A414B0EB38DE3F6215968
                                                                                                                                                                                                  SHA-512:A249C203DEBF17F6BE57E45048EB68371B4A6FDB06348A39D57AF5EA57848677EF0A8E82B5E560F9FC760782A5F3A11C4C2E7719D7A6A0B2E72AF1CFCFB32F16
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2340864
                                                                                                                                                                                                  Entropy (8bit):6.349629520123932
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:msZG2oR67LelGWEuASUZ6Cw1TvpsScKO70xA4FJbSaDJohg7VGRDN:7ZG2+JAWEuASUZKTBOo2hTRD
                                                                                                                                                                                                  MD5:92B42578B49C2D085DCE5A59967306EF
                                                                                                                                                                                                  SHA1:908A279911BFED4082BB2FF04F2D0A4ACBC7AD82
                                                                                                                                                                                                  SHA-256:1CE5B7DDBC5C4A925F6E294BA6571E89E8FACAD179D65AA607BCB85703BC178D
                                                                                                                                                                                                  SHA-512:69005951A6931714DED9F70FED6578A333DCE048B89F59E1CF2E32B9ADC1D9045E74AB2FEBF42BBDD9AB19426FFC3CB04462A901EC96BDFC09B84FC5BA189497
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):9161216
                                                                                                                                                                                                  Entropy (8bit):6.334668318816143
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:GXDqAcywR892aSbnuJ0g5/k4Q+8qV9ysq5U9QEPKh4:2eAcywR89xQujZV9ysaZE
                                                                                                                                                                                                  MD5:AEB0EBF7A6F19353B66D3CAA488D36BD
                                                                                                                                                                                                  SHA1:8F97B58C62EE7651B889E4DA266857A373331CC6
                                                                                                                                                                                                  SHA-256:B05793849FECD6850563B155CF2547AA8F9B19DF0469871E0A2018AD211F0721
                                                                                                                                                                                                  SHA-512:C10EF5CAC3127E09F339A2A709CF1C30AD18054CB30BFE509D9C1B2D2C74B641912851F56830456534560B9B0F1B1913FFB04A0F85DCE988F56FDD3F3E832F12
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2760704
                                                                                                                                                                                                  Entropy (8bit):6.310828579803763
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:qPBM6o25XrIdukNMEvUzm1AUeUzBBj+zBBacyLMbOJ+/1eLqD8JOPukMAZP:zMXkZV1zBBj+zBBa+
                                                                                                                                                                                                  MD5:644056C9771AAC1349D754546B57588C
                                                                                                                                                                                                  SHA1:7C0E6C65E5E84D2321484A1D00F9E50526D8390D
                                                                                                                                                                                                  SHA-256:19A80A4DEA9125C34AD1F6A860A163846F0AD4D27537348B53F238C418FFD968
                                                                                                                                                                                                  SHA-512:A37A0364CAA3CD07768D36A88BC911D49527A09E1B87CA6A0550A4DEE082E45DB54DD6D642A90B3C6447029DF55D28F912133072B84228ED8C10E117918DF7BB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3098112
                                                                                                                                                                                                  Entropy (8bit):6.4139314697742575
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24576:u5uiLU76XmLuC/zeWhe3/zxtK+pSusDnKROee4M0m8dfSMeH81caoOR9UL42OMYk:1tp9SafuGnKxS8NezaoE9ULu
                                                                                                                                                                                                  MD5:2B23D641DFE8731919331EE90D5450D0
                                                                                                                                                                                                  SHA1:ABB736B583E3BD3D91FF42DFC461068A8B80D055
                                                                                                                                                                                                  SHA-256:44FB0D65508369B288CAAEBFF6D0D7A423A12EBA4886913E37C979531627987E
                                                                                                                                                                                                  SHA-512:ECEDC03FB88C394B473108FD91E2A19304B5B2DB065AD4639703CA5D0155F09193F5391E1CE98E4CA65218E6410D1373C85CB9DD099C2B98380441EA9D27EA09
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):41888
                                                                                                                                                                                                  Entropy (8bit):4.608886366247259
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:6ciEJUcs6uyUL4fL1a8Q7vXfYgdbmIVVLRobQ3Pi3q4+/LZybdifuMeDj78HM7Nc:uEJ3Q9L4z8d1boX6whgXtEJ3I
                                                                                                                                                                                                  MD5:2D405D2E1A34391CCFEB6FA7AF422C12
                                                                                                                                                                                                  SHA1:9EEA8EA37D5D17C497452939A95F2C604CF30024
                                                                                                                                                                                                  SHA-256:422F7754374AE7E9884AA76DFB98B12CDDD3D37BE85DBFCA8741A37B2D57409F
                                                                                                                                                                                                  SHA-512:90512CE4B37C130BFEE3DEC5FE97E50C933EC9F432BE10C41E9A05B8156A50136A7B88F6DE398C0514ECB5C0A5D8B171543505D3F7783F72653540C733094245
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:D XKRN10505.DLL..P java.sql..P sun.io..P java.util.spi..P sun.net.www.http..P java.rmi.dgc..P sun.rmi.transport.tcp..P java.lang.instrument..P com.excelsior.jet.runtime.typedesc..P sun.net.www..P com.excelsior.jet.runtime.vmopts..P com.sun.jmx.remote.util..P com.sun.security.auth..P java.nio..P sun.security.krb5.internal.crypto.dk..P java.util..P javax.crypto.interfaces..P com.excelsior.jet.runtime.memory.gc..P com.excelsior.jet.runtime.natives.sun.reflect..P sun.reflect.generics.reflectiveObjects..P sun.nio.ch..P com.excelsior.jet.runtime.excepts..P sun.rmi.transport.proxy..P sun.nio.cs..P com.excelsior.jet.runtime.bincomps.loader..P java.io..P java.lang.management..P com.excelsior.jet.common.jit.mem..P java.util.jar..P com.excelsior.jet.runtime.memory.gref..P sun.rmi.server..P com.excelsior.jet.runtime.memory.gc.compact..P org.xml.sax..P com.excelsior.jet.runtime.memory.gc.policies..P com.excelsior.jet.runtime.features.winservice..P sun.reflect.generics.scope..P com.excelsior.jet.run
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3772416
                                                                                                                                                                                                  Entropy (8bit):6.202764473398129
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:98304:EhFDebiokkTw8SIKNIFIutcMxnBQEZuk7iSGcr1qnr:q/okkTw8SIKNIFIutcMxnBxe
                                                                                                                                                                                                  MD5:42AF426EDB52A8C8DA24BF22924B0424
                                                                                                                                                                                                  SHA1:651E2B1F73FF07B8D161C205030ECE1F95FB69BF
                                                                                                                                                                                                  SHA-256:B5270B5787F649C7592BE9C023E2CB24FCB96F62753E34CFEB1E5586CEC87C1A
                                                                                                                                                                                                  SHA-512:39184CEF1246BDB56B75971F0DE0A85E89F01E6057BC5881A22FAB5FF8F81FDDBAEB74056E56643447C18F8645B823BD1C59458B2A1ED0F05D332AF7DAF053CA
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):155
                                                                                                                                                                                                  Entropy (8bit):4.618267268558291
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                                                                                  MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                                                                                  SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                                                                                  SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                                                                                  SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1232
                                                                                                                                                                                                  Entropy (8bit):5.168374721576515
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:QcEOzDhH3QkdkFz/vhOVul1V0DbeQ4NPq6Fz/qAvh5MCmCp8FRQFz/R2v77TRwYO:QsDBgkwOVul8DbeQd3s5MCmCkcJp
                                                                                                                                                                                                  MD5:11A665D311DEA55086674ABE2B1492FB
                                                                                                                                                                                                  SHA1:9C9267FC51EFF6B6742156114AE9865F1935EE65
                                                                                                                                                                                                  SHA-256:7B1FFDDB236015D37B816865ECDDB12739C8BCADAF9A22D437D490953AE8D1B3
                                                                                                                                                                                                  SHA-512:F85CF178B584C283981C751B05C8A40818BAD49990EDFDB0F84F4C10A667847BBF0D7F438065AD7658BA56BB488CA57C22FE8B0728467D28DEB653ECBC061A4E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.# Japanese imperial calendar.#.# Meiji since 1868-01-01 00:00:00 local time (Gregorian).# Taisho since 1912-07-30 00:00:00 local time (Gregorian).# Showa since 1926-12-25 00:00:00 local time (Gregorian).# Heisei since 1989-01-08 00:00:00 local time (Gregorian).calendar.japanese.type: LocalGregorianCalendar.calendar.japanese.eras: \..name=Meiji,abbr=M,since=-3218832000000; \..name=Taisho,abbr=T,since=-1812153600000; \..name=Showa,abbr=S,since=-1357603200000; \..name=Heisei,abbr=H,since=600220800000..#.# Taiwanese calendar.# Minguo since 1911-01-01 00:00:00 local time (Gregorian).calendar.taiwanese.type: LocalGregorianCalendar.calendar.taiwanese.eras: \..name=MinGuo,since=-1830384000000..#.# Thai Buddhist calendar.# Buddhist Era since -542-01-01 00:00:00 local time (Gregorian).calend
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):51236
                                                                                                                                                                                                  Entropy (8bit):7.226972359973779
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                                                                                  MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                                                                                  SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                                                                                  SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                                                                                  SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):632
                                                                                                                                                                                                  Entropy (8bit):3.7843698642539243
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                                                                                  MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                                                                                  SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                                                                                  SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                                                                                  SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1044
                                                                                                                                                                                                  Entropy (8bit):6.510788634170065
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                                                                                  MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                                                                                  SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                                                                                  SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                                                                                  SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):274474
                                                                                                                                                                                                  Entropy (8bit):7.843290819622709
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                                                                                  MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                                                                                  SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                                                                                  SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                                                                                  SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3144
                                                                                                                                                                                                  Entropy (8bit):7.026867070945169
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                                                                                  MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                                                                                  SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                                                                                  SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                                                                                  SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):5548
                                                                                                                                                                                                  Entropy (8bit):5.037985807321917
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:r45Vf4fq7MBzO4pYEZ2MQ6KXr3NO0slzMX+W1CuHvvABbiAQ+xaW/ioLHTU+Wsch:r4KJO4mEZ2MQ6Cr3NO0slzMX+WIuHvvv
                                                                                                                                                                                                  MD5:F507712B379FDC5A8D539811FAF51D02
                                                                                                                                                                                                  SHA1:82BB25303CF6835AC4B076575F27E8486DAB9511
                                                                                                                                                                                                  SHA-256:46F47B3883C7244A819AE1161113FE9D2375F881B75C9B3012D7A6B3497E030A
                                                                                                                                                                                                  SHA-512:CB3C99883336D04C42CEA9C2401E81140ECBB7FC5B8EF3301B13268A45C1AC93FD62176AB8270B91528AC8E938C7C90CC9663D8598E224794354546139965DFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#sun.net.www MIME content-types table.#.# Property fields:.#.# <description> ::= 'description' '=' <descriptive string>.# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>.# <image> ::= 'icon' '=' <filename of icon image>.# <action> ::= 'browser' | 'application' | 'save' | 'unknown'.# <application> ::= 'application' '=' <command line template>.#..#.# The "we don't know anything about this data" type(s)..# Used internally to mark unrecognized types..#.content/unknown: description=Unknown Content.unknown/unknown: description=Unknown Data Type..#.# The template we should use for temporary files when launching an application.# to view a document of given type..#.temp.file.template: c:\\temp\\%s..#.# The "real" types..#.application/octet-stream: \..description=Generic Binary Stream;\..file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz..application/oda: \..description=ODA Document;\..file_extensions=.oda..application/pdf: \..de
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):4200
                                                                                                                                                                                                  Entropy (8bit):3.145714690405229
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:ySaZUYewpaGwgCc9+H7Siwz0DWx2SoYn6lzuafp0CMnwEHmefE/B6:ySa0tCq7jwgyZ6wafmCMwEH7Ks
                                                                                                                                                                                                  MD5:01B0B7E7680208C7FDA4598053213DD9
                                                                                                                                                                                                  SHA1:0AB5198DD06B221857DB10EC662887B618EFCE47
                                                                                                                                                                                                  SHA-256:56566661D1632CE6EA4EE26A8308AD7865F1117B01042E4C0FD781BAAACAE7CA
                                                                                                                                                                                                  SHA-512:72FCAF65B0CC757119B4739A88308B3D2679FEA5DA198F89AD04037D00A9CB3E9E6A2B48F5DF81818C907DD29F1A923FDB13DC28AB543F0C5C59F690A77508E0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):829
                                                                                                                                                                                                  Entropy (8bit):5.269351029956085
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:EV677x6CFRf08P8zX+4jz98htFVzDOFw5DOFFVzDOFvVzDOFz5ql/:EE796OfT0zZjzG7itfitigV
                                                                                                                                                                                                  MD5:9508E2E0399F8D0476B94830E7368930
                                                                                                                                                                                                  SHA1:3A55B004CC6F05F01D0B113CAAAFC2F90663C49B
                                                                                                                                                                                                  SHA-256:8AF49A8E6EC0A40F6479802A971B0FC7E3BCC818B7A06E778B855A7D6E8EDE1C
                                                                                                                                                                                                  SHA-512:0DF8DC0C4A6E9AB70B59E83F44EF985836C65201EA3BBECED2E44C9D70B2A8D9CD891DDC3D7C1047F8727659E271F0D173F196E243105154DBBEA5E75233C8F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):15941
                                                                                                                                                                                                  Entropy (8bit):7.825341064620314
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:KMVGRiFk0a7x9Y/zdGU06dFknTQT0LiI+aWVpZCYAolKm4tOoWjF/Tzl/tVuMq8:KMVciFk0a7uzNdFbT0LifaWVDqoN4tO/
                                                                                                                                                                                                  MD5:F750AC3ED48056881F3FD0868F9C1986
                                                                                                                                                                                                  SHA1:95DC9053062D68CDE4E8C38494CC63AEFD7B0A42
                                                                                                                                                                                                  SHA-256:CEEDD1FAFA56A25D712E7B078BDC39E2846D39899A66DD5636EE039787C12710
                                                                                                                                                                                                  SHA-512:CAD214792840366442B6F5133EA1BA5E7C605DC6FF5E1A41F53A6E3B96D349CB9261F39A813F5570A620621BC5EFA38628A6DC086F2D0594415827C725F5B073
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):198101
                                                                                                                                                                                                  Entropy (8bit):7.927997903489171
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:JEj2olGyCSvfDZgB1ys75q4qDlafFAf9kqtWjWBZkxNP73:olJv1gBv7LSKW+/GZkxx73
                                                                                                                                                                                                  MD5:9E9D840F9E1D77782763C5194035951B
                                                                                                                                                                                                  SHA1:1826204B0E05AEF412B595321866F7D190E0498D
                                                                                                                                                                                                  SHA-256:A6FAACEF041EA69F413F542A4CFB2D9058A6B5B12B879D5533D7720FC7141EA9
                                                                                                                                                                                                  SHA-512:09589791CADD038D4D5D29E886BCBC9BB41F5EAD10BA6D24A28A71477C1A617A899BEAF7E839B537AA05145907B6F4CFFBF6D74114044A124820208EAAAF2859
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):30695
                                                                                                                                                                                                  Entropy (8bit):7.858281242906767
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:UI1LvjoBcVCpbjIIykVK8D93HL0o4YQ+b0rsc9ZJfvfW79zS9k+RQQXvAK709aVR:UwLvjqcVjkbL0o4YQ+b0rsc9ZJv+7oka
                                                                                                                                                                                                  MD5:C7608AB7E20D7352E43BD43DE045B833
                                                                                                                                                                                                  SHA1:A3D1A9689F1C8E36AB64FB669DF92076771C42F2
                                                                                                                                                                                                  SHA-256:87980EF790C5FA3F81AC30771114F6E6CEAAEC8C088F64691A6270D4699149D4
                                                                                                                                                                                                  SHA-512:CF7BC237BB73599D10C19E5A5A2458DAF484465CC2D512953C651424305CDAA1CDF6E51CCD676BE2CE5BDFEE3E45B432EB104355116ED87B16685A24EFA8BE57
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):237244
                                                                                                                                                                                                  Entropy (8bit):7.943496484259517
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:6144:v28zQjVkm54q4oH3SFNJ5dA2pM4dm16ZjDrf1z4+m0Gx8e:v28z3o46cNTdA6dm16t3c
                                                                                                                                                                                                  MD5:BD135CB85FFD7678A4E359952406EBEA
                                                                                                                                                                                                  SHA1:5E51CE82A095B4A23291B1CD35E6F1488EFC5776
                                                                                                                                                                                                  SHA-256:5B3EEB0B728CD7FDCF35456B6C1B0E246FACBC0B33EA22F47F602BC21798CDF4
                                                                                                                                                                                                  SHA-512:10F3A3E706AEC17E2E9A5892D34DBA181BA793EA8A1D8BEDC9AC9FE8CC1BDFDA5FD0B4C0B1AF26976CFC10A537357930B6E1E6B739D9580067C4D0FDC500788D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3928
                                                                                                                                                                                                  Entropy (8bit):4.86616891434286
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:pTgwOsORUjdjTD6QfxWkVIyiVyV2mjuVwwY:Jgw5TjdjTtpWk6ylV2zwwY
                                                                                                                                                                                                  MD5:D8B47B11E300EF3E8BE3E6E50AC6910B
                                                                                                                                                                                                  SHA1:2D5ED3B53072B184D67B1A4E26AEC2DF908DDC55
                                                                                                                                                                                                  SHA-256:C2748E07B59398CC40CACCCD47FC98A70C562F84067E9272383B45A8DF72A692
                                                                                                                                                                                                  SHA-512:8C5F3E1619E8A92B9D9CF5932392B1CB9F77625316B9EEF447E4DCE54836D90951D9EE70FFD765482414DD51B816649F846E40FD07B4FBDD5080C056ADBBAE6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This properties file is used to initialize the default.# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-.# specific, default mappings between common Win32 Clipboard atoms and platform-.# independent MIME type strings, which will be converted into.# java.awt.datatransfer.DataFlavors..#.# These default mappings may be augmented by specifying the.#.# AWT.DnD.flavorMapFileURL .#.# property in the appropriate awt.properties file. The specified properties URL.# will be loaded into the SystemFlavorMap..#.# The standard format is:.#.# <native>=<MIME type>.#.# <native> should be a string identifier that the native platform will.# recognize as a valid data format. <MIME type> should specify both a MIME.# primary type and a MIME subtype separated by a '/'. The MIME type may include.# parameters, where each parameter is a key/value pair separated by '=', and.# where each parameter to the MIME type is separated by a ';'..#.# Because SystemFlavorMap implements Flavor
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3670
                                                                                                                                                                                                  Entropy (8bit):4.405272911173572
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:ARsYThGbX/vaBKvKY5csG4BxciETBT5Bxrgs+LW/B56JF:Y1WvaBKvKY5vxci8j8WY
                                                                                                                                                                                                  MD5:2C02B7EEBA3E80310FC3C01529DBD6C4
                                                                                                                                                                                                  SHA1:EC5DC52DD207C65123798B52BAC526644176AB35
                                                                                                                                                                                                  SHA-256:37058F620B0FDA859624544E9B04BCA5B51186B97473CA1A12BC9EDA0AA1D399
                                                                                                                                                                                                  SHA-512:B17E4C0170E661C6468F5337832FA41F4FB6B01157C37576AB28E3EA298850EE3F3C4F00F95FF642199E16D847671EB5B85CA22FBE43ED75DBAC34F196BB5AE8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10479
                                                                                                                                                                                                  Entropy (8bit):5.1775158548479885
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:pB+e6a1nsNi8bTeOiO/Ywca9nB2RwhCQvBZGuo61:pBlnHIR9B2RwhL7
                                                                                                                                                                                                  MD5:BF7E957043B74B5D5D50A5E84550F2DA
                                                                                                                                                                                                  SHA1:3D55CED434D191E328E1DFF652D789D57F76BB20
                                                                                                                                                                                                  SHA-256:1647FC459A0B261A613CE72CA445D9D76A50E141F3E7C7B039DA48F767F4B49D
                                                                                                                                                                                                  SHA-512:3EF60002611F01958A62EFC6C7DFB77704F3842BD1B720D9DFB5208072603826CB343CA07D8F9124EBC2F3EAA4AC4A4E0B0F9A291359517A62AE942B7F1C6002
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# .# Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..# Version..version=1..# Component Font Mappings..allfonts.chinese-ms936=SimSun.allfonts.chinese-ms936-extb=SimSun-ExtB.allfonts.chinese-gb18030=SimSun-18030.allfonts.chinese-gb18030-extb=SimSun-ExtB.allfonts.chinese-hkscs=MingLiU_HKSCS.allfonts.chinese-ms950-extb=MingLiU-ExtB.allfonts.devanagari=Mangal.allfonts.dingbats=Wingdings.allfonts.lucida=Lucida Sans Regular.allfonts.symbol=Symbol.allfonts.thai=Lucida Sans Regular.allfonts.georgian=Sylfaen..serif.plain.alphabetic=Times New Roman.serif.plain.chinese-ms950=MingLiU.serif.plain.chinese-ms950-extb=MingLiU-ExtB.serif.plain.hebrew=David.serif.plain.japanese=MS Mincho.serif.plain.korean=Batang..serif.bold.alphabetic=Times New Roman Bold.serif.bold.chinese-ms950=PMingLiU.serif.bold.chinese-ms950-extb=PMingLiU-ExtB.serif.bold.hebrew=David Bold.ser
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):698236
                                                                                                                                                                                                  Entropy (8bit):6.892888039120645
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                                                                                  MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                                                                                  SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                                                                                  SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                                                                                  SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14
                                                                                                                                                                                                  Entropy (8bit):3.6644977792004623
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:yAGuryvn:yAGBv
                                                                                                                                                                                                  MD5:928C9180FA62A7594C6BA6C08D268419
                                                                                                                                                                                                  SHA1:B262E25A903A0E5AC9F654E4C27A44CD4BB1ACFE
                                                                                                                                                                                                  SHA-256:5AEA959C7D0DFD472DFE077FE8B996E3330F9498F8B694CA5001B03302D9AB8E
                                                                                                                                                                                                  SHA-512:DBC665195411DEEE5C5A875C76666C59391C716F9B5C7983AB2AEC3ABC08E10F03283F67E7223C30CCFE8EA9AA501BBA94D169A546CEC34709153E6ED90283A0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:-jetvm KNOWN..
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1280
                                                                                                                                                                                                  Entropy (8bit):4.9763389414972465
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:RlwQtG0Bf29d3ptAMZGpfFGZWpHN07mBpQKf4TpxV4jp504Tz8pFMafpXs:RlwQM0BfEpZSKyCycXW44Cfy
                                                                                                                                                                                                  MD5:269D03935907969C3F11D43FEF252EF1
                                                                                                                                                                                                  SHA1:713ACB9EFF5F0B14A109E6C2771F62EAC9B57D7C
                                                                                                                                                                                                  SHA-256:7B8B63F78E2F732BD58BF8F16144C4802C513A52970C18DC0BDB789DD04078E4
                                                                                                                                                                                                  SHA-512:94D8EE79847CD07681645D379FEEF6A4005F1836AC00453FB685422D58113F641E60053F611802B0FF8F595B2186B824675A91BF3E68D336EF5BD72FAFB2DCC5
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.#.# Cursors Properties file.#.# Names GIF89 sources for Custom Cursors and their associated HotSpots.#.# Note: the syntax of the property name is significant and is parsed.# by java.awt.Cursor.#.# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>.# Cursor.<name>.<geom>.HotSpot=<x>,<y>.#. Cursor.<name>.<geom>.Name=<localized name>.#.Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif.Cursor.CopyDrop.32x32.HotSpot=0,0.Cursor.CopyDrop.32x32.Name=CopyDrop32x32.#.Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif.Cursor.MoveDrop.32x32.HotSpot=0,0.Cursor.MoveDrop.32x32.Name=MoveDrop32x32.#.Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif.Cursor.LinkDrop.32x32.HotSpot=0,0.Cursor.LinkDrop.32x32.Name=LinkDrop32x32.#.Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif.Cursor.CopyNoDrop.32x32.HotSpot=6,2.Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32.#.Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif.Cursor.MoveNoDrop.32x32.HotSpot=6,2.Cursor.MoveNoDrop.32
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                                  Entropy (8bit):6.347455736310776
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                  MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                  SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                  SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                  SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):168
                                                                                                                                                                                                  Entropy (8bit):6.465243369905675
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                  MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                  SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                  SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                  SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):147
                                                                                                                                                                                                  Entropy (8bit):6.147949937659802
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                  MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                  SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                  SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                  SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):153
                                                                                                                                                                                                  Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                  MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                  SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                  SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                  SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):109504
                                                                                                                                                                                                  Entropy (8bit):7.897628148773438
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:ZiM+ROk3dZOUQuj6+QQzJU7ZtF5EdKEgBX8lXfeq28fhbRT5KWG2CfADGkpfGbts:0M+cWyUJH7zq7ZtF5jHd8Ndb
                                                                                                                                                                                                  MD5:AB65DB6FEA21D07049D254F96C176714
                                                                                                                                                                                                  SHA1:BE4124ECCEB37230419F0F31EA6E7D50BABB4973
                                                                                                                                                                                                  SHA-256:C0F355F4EFEA96BCED82D98E090FA2C8CF863B6D3876A7E1D1F1C1BFFC116243
                                                                                                                                                                                                  SHA-512:9FFAEDA8E407F4B903EBD210D83A42D9FB9D5DCF95DB4E754E4013F2BD61F7E9D3C3472986F9CC7FC9593A66E2A001CBAF5F967FED62725CA57871F1D5898B6A
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with very long lines (636)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1710
                                                                                                                                                                                                  Entropy (8bit):4.5731249404225816
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:muzsQ5LEaQ8o+Rtf0wrtxVzBgRVtxl5s/iqyujaYls+RtfdCtx+Rtlv:/ZTo+Rtd3PUlCfK+RtF++Rt1
                                                                                                                                                                                                  MD5:08E836F84A677A15F0C992DEED669372
                                                                                                                                                                                                  SHA1:B3A4319618990EB317C29C7F2202D5F6477BB196
                                                                                                                                                                                                  SHA-256:EC882A4EC55964D560FF7108A034D9D6BFE05221C1A0A49761F6EDD08C11C275
                                                                                                                                                                                                  SHA-512:480D4687E8F0C366B8457996F2F54CE919265DF2266DB222A9881CACD5DE359AEC83FFAF0FE494EDEB3B299D9CBCA36DE68347ECAD1555EE6A2BCE06111A1974
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview: be be_BY bg bg_BG ca ca_ES cs cs_CZ da da_DK de de_AT de_CH de_DE de_LU el el_CY el_GR en_AU en_CA en_GB en_IE en_IN en_MT en_NZ en_PH en_SG en_ZA es es_AR es_BO es_CL es_CO es_CR es_DO es_EC es_ES es_GT es_HN es_MX es_NI es_PA es_PE es_PR es_PY es_SV es_US es_UY es_VE et et_EE fi fi_FI fr fr_BE fr_CA fr_CH fr_FR fr_LU ga ga_IE hr hr_HR hu hu_HU in in_ID is is_IS it it_CH it_IT lt lt_LT lv lv_LV mk mk_MK ms ms_MY mt mt_MT nl nl_BE nl_NL no no_NO no_NO_NY pl pl_PL pt pt_BR pt_PT ro ro_RO ru ru_RU sk sk_SK sl sl_SI sq sq_AL sr sr_BA sr_CS sr_Latn sr_Latn_BA sr_Latn_ME sr_Latn_RS sr_ME sr_RS sv sv_SE tr tr_TR uk uk_UA en_US en | . be bg ca cs da de el es et fi fr hr hu is it lt lv mk nl no pl pt ro ru sk sl sq sr sr_Latn sv tr uk en | . de en_CA en_GB en_IE es fr it pt_BR sv en | . be bg ca cs da de el el_CY en en_MT en_PH en_SG es es_US et fi fr ga hr hu in is it lt lv mk ms mt nl no no_NO_NY pl pt pt_BR pt_PT ro ru sk sl sq sr sr_Latn sv tr uk | . be_BY bg_BG ca_ES cs_CZ da_DK de d
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2455
                                                                                                                                                                                                  Entropy (8bit):4.47026133037931
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:EmdS5PQQL8pRNYHjVsnkYXxtOGh1xdvjMgxH:G9NL3HjVLG1XrM8H
                                                                                                                                                                                                  MD5:809C50033F825EFF7FC70419AAF30317
                                                                                                                                                                                                  SHA1:89DA8094484891F9EC1FA40C6C8B61F94C5869D0
                                                                                                                                                                                                  SHA-256:CE1688FE641099954572EA856953035B5188E2CA228705001368250337B9B232
                                                                                                                                                                                                  SHA-512:C5AA71AD9E1D17472644EB43146EDF87CAA7BCCF0A39E102E31E6C081CD017E01B39645F55EE87F4EA3556376F7CAD3953CE3F3301B4B3AF265B7B4357B67A5C
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property. .# For example java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma separated list of log Handler .# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3998
                                                                                                                                                                                                  Entropy (8bit):4.420205717459709
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:96:OWi7j79eK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQgQX+dv:OWiv7b8rNXE+wusxr9m5WZuVDv
                                                                                                                                                                                                  MD5:F63BEA1F4A31317F6F061D83215594DF
                                                                                                                                                                                                  SHA1:21200EAAD898BA4A2A8834A032EFB6616FABB930
                                                                                                                                                                                                  SHA-256:439158EB513525FEDA19E0E4153CCF36A08FE6A39C0C6CEEB9FCEE86899DD33C
                                                                                                                                                                                                  SHA-512:DE49913B8FA2593DC71FF8DAC85214A86DE891BEDEE0E4C5A70FCDD34E605F8C5C8483E2F1BDB06E1001F7A8CF3C86CAD9FA575DE1A4DC466E0C8FF5891A2773
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:######################################################################.# Default Access Control File for Remote JMX(TM) Monitoring.######################################################################.#.# Access control file for Remote JMX API access to monitoring..# This file defines the allowed access for different roles. The.# password file (jmxremote.password by default) defines the roles and their.# passwords. To be functional, a role must have an entry in.# both the password and the access files..#.# The default location of this file is $JRE/lib/management/jmxremote.access.# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# (See that file for details).#.# The file format for password and access files is syntactically the same.# as the Properties file format. The syntax is described in the Javadoc.# for java.util.Properties.load..# A typical access file has multiple lines, where each
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2856
                                                                                                                                                                                                  Entropy (8bit):4.492265087792545
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MGS+Hpamow7YNkjP9YZAuFovuAnNpG1GMV/BWEUHXYE9nN6k5:Mdm7RT9tvuAnujaE0rN6g
                                                                                                                                                                                                  MD5:7B46C291E7073C31D3CE0ADAE2F7554F
                                                                                                                                                                                                  SHA1:C1E0F01408BF20FBBB8B4810520C725F70050DB5
                                                                                                                                                                                                  SHA-256:3D83E336C9A24D09A16063EA1355885E07F7A176A37543463596B5DB8D82F8FA
                                                                                                                                                                                                  SHA-512:D91EEBC8F30EDCE1A7E16085EB1B18CFDDF0566EFAB174BBCA53DE453EE36DFECB747D401E787A4D15CC9798E090E19A8A0CF3FC8246116CE507D6B464068CDB
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ----------------------------------------------------------------------.# Template for jmxremote.password.#.# o Copy this template to jmxremote.password.# o Set the user/password entries in jmxremote.password.# o Change the permission of jmxremote.password to read-only.# by the owner..#.# See below for the location of jmxremote.password file..# ----------------------------------------------------------------------..##############################################################.# Password File for Remote JMX Monitoring.##############################################################.#.# Password file for Remote JMX API access to monitoring. This.# file defines the different roles and their passwords. The access.# control file (jmxremote.access by default) defines the allowed.# access for each role. To be functional, a role must have an entry.# in both the password and the access files..#.# Default location of this file is $JRE/lib/management/jmxremote.password.# You
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14097
                                                                                                                                                                                                  Entropy (8bit):4.571122906644088
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:Fqsmpsj42wbZTHV+Dq3xtP3xPqaNC/R1b:wsmpsjL0ZTHV++3xtpi68Xb
                                                                                                                                                                                                  MD5:81A43119AB15099C1D70E2D683FC8C0A
                                                                                                                                                                                                  SHA1:5496AA366AEC8168218963F8F85FC9D3F8691DD5
                                                                                                                                                                                                  SHA-256:FCACFA57CE3FE6372C2273ABC032A1320BE021AF42553E2104DB9937B6771783
                                                                                                                                                                                                  SHA-512:1526F581582DED7982C3BF1D0F0D8A3AFC0FF5B0A48B921DD0ACD29BD68B587546618E261B971FAE48C72BE410D106E7DD915723EDC4FFE9498FB0B45DC84AD0
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#####################################################################.#.Default Configuration File for Java Platform Management.#####################################################################.#.# The Management Configuration file (in java.util.Properties format).# will be read if one of the following system properties is set:.# -Dcom.sun.management.jmxremote.port=<port-number>.# or -Dcom.sun.management.snmp.port=<port-number>.# or -Dcom.sun.management.config.file=<this-file>.#.# The default Management Configuration file is:.#.# $JRE/lib/management/management.properties.#.# Another location for the Management Configuration File can be specified.# by the following property on the Java command line:.#.# -Dcom.sun.management.config.file=<this-file>.#.# If -Dcom.sun.management.config.file=<this-file> is set, the port.# number for the management agent can be specified in the config file.# using the following lines:.#.# ################ Management Agent Port ################
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3376
                                                                                                                                                                                                  Entropy (8bit):4.371600962667748
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:MkX7W6+IX6XXZAHAvuAn97+onkFOqRCjEhd//SVBteM8hq/unuxsIsxuEAJw2n:MU6bpjvuAnEokSIU/uuxJn
                                                                                                                                                                                                  MD5:71A7DE7DBE2977F6ECE75C904D430B62
                                                                                                                                                                                                  SHA1:2E9F9AC287274532EB1F0D1AFCEFD7F3E97CC794
                                                                                                                                                                                                  SHA-256:F1DC97DA5A5D220ED5D5B71110CE8200B16CAC50622B33790BB03E329C751CED
                                                                                                                                                                                                  SHA-512:3A46E2A4E8A78B190260AFE4EEB54E7D631DB50E6776F625861759C0E0BC9F113E8CD8D734A52327C28608715F6EB999A3684ABD83EE2970274CE04E56CA1527
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:# ----------------------------------------------------------------------.# Template for SNMP Access Control List File.#.# o Copy this template to snmp.acl.# o Set access control for SNMP support.# o Change the permission of snmp.acl to be read-only.# by the owner..#.# See below for the location of snmp.acl file..# ----------------------------------------------------------------------..############################################################.# SNMP Access Control List File .############################################################.#.# Default location of this file is $JRE/lib/management/snmp.acl..# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# or by specifying a system property (See that file for details)..#...##############################################################.# File permissions of the snmp.acl file.##############################################
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2134
                                                                                                                                                                                                  Entropy (8bit):4.947245009382365
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:EE796OfEJHJ0kibGZgdhKOAY2HQiihr4kLzteKk:En9J0k+G6dhKOA3HQiihEYz8Kk
                                                                                                                                                                                                  MD5:B0DA6EB868B28B0546D696D0C56F4FBD
                                                                                                                                                                                                  SHA1:2D0B1B711BA8911FD7F247489D11617F0BF277E8
                                                                                                                                                                                                  SHA-256:9BC4542680076FA0DE0C20B7DB4393A10A27BC7F8C20E5FC72DA02D35438A945
                                                                                                                                                                                                  SHA-512:3DCFF588C983B6728A81F697B2F90ACDFBFF53C2F7C8DC2240ACAB5249A1DA5F7B97B89DD1C624CE4ACA5486463590346ABA9803A52C6703BC0EA1075C11A3DC
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! alt-rt.jar..java/math..java/text..java/util..sun/misc..# charsets.jar..META-INF/services/java.nio.charset.spi.CharsetProvider..sun/nio..sun/awt..sun/io..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.RenderingEngine..META-INF/services/java.sql.Dri
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):3070
                                                                                                                                                                                                  Entropy (8bit):4.811099943962599
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:0AATRioRX9STbYjYXXtGObc9076oObcs6EnObc9jf0ObcqOn6t6Ju:VAcEvEtGObfObz3Obm0ObPOn21
                                                                                                                                                                                                  MD5:19A5C7F5186854362281A152E756CE2F
                                                                                                                                                                                                  SHA1:CC738221F126334DE60D73B5DB63789C41E282AC
                                                                                                                                                                                                  SHA-256:5D62F39E6EB46C7A731B6997A14ACFEB63F5C95DFCEF8DE3D4D94B5D571372C6
                                                                                                                                                                                                  SHA-512:24E3489B825015226C7C2A1AC6CC2D20D5056C8D578D612F73A35AA43A953CFE331FD6CBDC251CE23CFAA403130848822DD3EFB30ED427F25A1221BA0A2B2BF3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:############################################################.# .Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitely set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true.. .java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment these
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2796
                                                                                                                                                                                                  Entropy (8bit):5.182793663606788
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:R8s89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:y56CiPFylXLrMGyJU+B
                                                                                                                                                                                                  MD5:7C5514B805B4A954BC55D67B44330C69
                                                                                                                                                                                                  SHA1:56ED1C661EEEDE17B4FAE8C9DE7B5EDBAD387ABC
                                                                                                                                                                                                  SHA-256:0C790DE696536165913685785EA8CBE1AC64ACF09E2C8D92D802083A6DA09393
                                                                                                                                                                                                  SHA-512:CCD4CB61C95DEFDCBA6A6A3F898C29A64CD5831A8AB50E0AFAC32ADB6A9E0C4A4BA37EB6DEE147830DA33AE0B2067473132C0B91A21D546A6528F42267A2C40E
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.Japanese PostScript printer property file.#.font.num=16.#.serif=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.monospaced=monospaced.courier=monospaced.dialog=sansserif.dialoginput=monospaced.#.serif.latin1.plain=Times-Roman.serif.latin1.italic=Times-Italic.serif.latin1.bolditalic=Times-BoldItalic.serif.latin1.bold=Times-Bold.#.sansserif.latin1.plain=Helvetica.sansserif.latin1.italic=Helvetica-Oblique.sansserif.latin1.bolditalic=Helvetica-BoldOblique.sansserif.latin1.bold=Helvetica-Bold.#.monospaced.latin1.plain=Courier.monospaced.latin1.italic=Courier-Oblique.monospaced.latin1.bolditalic=Courier-BoldOblique.monospaced.latin1.bold=Courier-Bold.#.serif.x11jis0208.plain=Ryumin-Light-H.serif.x11jis0208.italic=Ryumin-Light-H.serif.x11jis0208.bolditalic=Ryumin-Light-H.serif.x11jis
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):10393
                                                                                                                                                                                                  Entropy (8bit):4.970762688893053
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:hPwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39zPxq:5xzubEFOEscAW5VKsCfHz8RPxGt
                                                                                                                                                                                                  MD5:F8734590A1AEC97F6B22F08D1AD1B4BB
                                                                                                                                                                                                  SHA1:AA327A22A49967F4D74AFEEE6726F505F209692F
                                                                                                                                                                                                  SHA-256:7D51936FA3FD5812AE51F9F5657E0E70487DCA810B985607B6C5D6603F5E6C98
                                                                                                                                                                                                  SHA-512:72E62DC63DAA2591B48B2B774E2479B8861D159061B92FD3A0A06256295DA4D8B20DAFA77983FDBF6179F666F9FF6B3275F7A5BCF9555E638595230B9A42B177
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.PostScript printer property file for Java 2D printing..#.# WARNING: This is an internal implementation file, not a public file..# Any customisation or reliance on the existence of this file and its.# contents or syntax is discouraged and unsupported..# It may be incompatibly changed or removed without any notice..#.#.font.num=35.#.# Legacy logical font family names and logical font aliases should all.# map to the primary logical font names..#.serif=serif.times=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.dialog=sansserif.dialoginput=monospaced.monospaced=monospaced.courier=monospaced.#.# Next, physical fonts which can be safely mapped to standard postscript fonts.# These keys generally map to a value which is the same as the key, so.# the key/value is just a way to say the font has
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Java archive data (JAR)
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2452814
                                                                                                                                                                                                  Entropy (8bit):6.12283544750985
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:49152:I7k7NU9eG7Ajlw1nS3ke1Rbgb2381V+XdmNNPqCEuz4Ez9bAfJx4771lvgHZrdqZ:HOK4
                                                                                                                                                                                                  MD5:5BC7E99866CE0D8EA07B020C04176F30
                                                                                                                                                                                                  SHA1:B14BA00B13470D94AD3A8236CCAFF4BFE6F18251
                                                                                                                                                                                                  SHA-256:6FD5AF90A02DD083A31B055365664FBC772FD32368E3897450064693C835E865
                                                                                                                                                                                                  SHA-512:9EB28005F6E2AEDB4C49DF167681FEE189BD80F3B2582874987D6777B7F8CCEE483E4043C7F9442A93FBD38A9D9A7C5E256F31A93F361382995AA53295C04B74
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:PK.........suE................META-INF/....PK.........suE%.P.@...@.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.7.0_55..Specification-Vendor: Oracle Corporation..Created-By: 1.6.0_18 (Sun Microsystems Inc.)..Specification-Title: Java Platform API Specification..Specification-Version: 1.7....PK.........muEy.7z"..."...3...META-INF/services/com.sun.tools.internal.xjc.Plugincom.sun.tools.internal.xjc.addon.code_injector.PluginImpl.com.sun.tools.internal.xjc.addon.locator.SourceLocationAddOn.com.sun.tools.internal.xjc.addon.sync.SynchronizedMethodAddOn.com.sun.tools.internal.xjc.addon.at_generated.PluginImpl.com.sun.tools.internal.xjc.addon.episode.PluginImpl.PK........+quE.K.........!...META-INF/services/java.sql.Driversun.jdbc.odbc.JdbcOdbcDriver.PK.........puEj9<.D...D...0...META-INF/services/javax.print.PrintServiceLookup# Provider for Java Print Service.sun.print.Wi
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2487
                                                                                                                                                                                                  Entropy (8bit):7.447775133911528
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:9q62WJpl5Aldro5BqNgNPF9iBckx95GtyL420ksKMDr/ltIHb6Aaa0H12:YcpnIoXwgn9iBVx9L4CsKGRCHb4vHE
                                                                                                                                                                                                  MD5:D5D126AE15ABECB7D6E3A28B0D57543E
                                                                                                                                                                                                  SHA1:0F5F7000873330225C67C37B7E5E3F310DDF5730
                                                                                                                                                                                                  SHA-256:0E38F50CD7EBDFE7DAFEEBFA7156B89F848D5C7FAE853DB755B190E98AC4E7F2
                                                                                                                                                                                                  SHA-512:196B852E76B32C07EFDBF88E16995881D940E0144B2D0E0CAB8C4F51362898DB75489D6F1A98A51B49FB50B50CA25A083529315929668D75D54B3AF18E0CFEFE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2770
                                                                                                                                                                                                  Entropy (8bit):5.789099490585808
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:uu7UUVZoHcBZ3mFcFtqoSB0at6vbVQ4tBfNHybSPB/iyeYvS04fMik9QyNXbZ5bW:uudVZoOZ3mFcFtqZB0q6jV//H2cB/iyE
                                                                                                                                                                                                  MD5:857F0BEC0986416BE3EA57E0D08477E8
                                                                                                                                                                                                  SHA1:4EA1990E689C266579CAED7BE176C3502052956B
                                                                                                                                                                                                  SHA-256:2848C4828D267FCA1B34AFFA071040139EEEAAAB884E4B74B3A50479B64A7D48
                                                                                                                                                                                                  SHA-512:34002FE65725A1D26E207F5E06FA304166DB7AEBD41B5ADAA17A87C94E5576E82B52AC10ADBF56AEA37E713F2B76860E200C8747B5FC40DB94D6F6CA8FAC9D6F
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Java KeyStore
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):81683
                                                                                                                                                                                                  Entropy (8bit):7.517430339641807
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:1536:3nelypO7vBvgNOLSLe15fHbDYaTO7op1cIE8YemHoO:3nelypOKjeXHbNpYhX
                                                                                                                                                                                                  MD5:37709A6876E95C380ED2AA17AEC8E3D1
                                                                                                                                                                                                  SHA1:2509E6F5AB14A706207EFC978529DACEB2F748D7
                                                                                                                                                                                                  SHA-256:DB5AE059BC05C65DF30FC6E975AC5A4AA2951AAFEF3338CEAE74F03B20667858
                                                                                                                                                                                                  SHA-512:D8A58CAF41BBECE581F77491182DCC57C21D7926D990156E3C8B6F6C356ECFAA1789DC94ABA238873007ED9EA7D33D4E1258D317C90E2BE00400B84BF16799C3
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2593
                                                                                                                                                                                                  Entropy (8bit):4.453194859343699
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:hjrUah3ontU2H+h/ic1mo8vwwQcE8W7NpIjLSkLuodAZdgh1ykt0wS5:R4fc17wVx+NwltJU
                                                                                                                                                                                                  MD5:A8B1F38E1712729AD4C380646F263C33
                                                                                                                                                                                                  SHA1:8BC7F6E98D49AE9155261968AAA886CF3B459695
                                                                                                                                                                                                  SHA-256:FC639CB86805FEFAB9B96473F1CB4BF75331020FCC6EC66B90972BAB5C9E40F8
                                                                                                                                                                                                  SHA-512:609BE7F3C08D3F21FD521A85DDA928800C2B98EA06FDA5A120C07EF31C265FDE0E100E026F97342616302FDE9A7741082305752E95909193F1159B5556C3A74B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:.// Standard extensions get all permissions by default..grant codeBase "file:${{java.ext.dirs}}/*" {. permission java.security.AllPermission;.};..// default permissions granted to all domains..grant {. // Allows any thread to stop itself using the java.lang.Thread.stop(). // method that takes no argument.. // Note that this permission is granted by default only to remain. // backwards compatible.. // It is strongly recommended that you either remove this permission. // from this policy file or further restrict it to code sources. // that you specify, because Thread.stop() is potentially unsafe.. // See the API specification of java.lang.Thread.stop() for more. // information.. permission java.lang.RuntimePermission "stopThread";.. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // permission for standard RMI registry port.
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):17985
                                                                                                                                                                                                  Entropy (8bit):4.703082001036945
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:384:almbJhHC6UTNUfO9WgTQNkPuN2gzGNEtzQNoLRvhlI:aobjC6UTOfO9WgTQ+PuN2gz+otvhlI
                                                                                                                                                                                                  MD5:70B6909FEB754F00DCE4F95BEF204A58
                                                                                                                                                                                                  SHA1:FEF86B824FAA73D4C1B5D3333CFCF4492EF409D5
                                                                                                                                                                                                  SHA-256:4EAE1C72F71FED223007C86E2C5A9774B8536FB50A717AC442791D8F17CF7D4C
                                                                                                                                                                                                  SHA-512:2827DE4FD8DAE7C29D3230E239F1BD2C7EDD54819AD7C6D5A4382BEDAD7EE351B81DDF19D736286D6D36580E8E8B594C280B2CB5BA2331713949309E0687223D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This is the "master security properties file"..#.# In this file, various security properties are set for use by.# java.security classes. This is where users can statically register.# Cryptography Package Providers ("providers" for short). The term.# "provider" refers to a package or set of packages that supply a.# concrete implementation of a subset of the cryptography aspects of.# the Java Security API. A provider may, for example, implement one or.# more digital signature algorithms or message digest algorithms..#.# Each provider must implement a subclass of the Provider class..# To register a provider in this master security properties file,.# specify the Provider subclass name and priority in the format.#.# security.provider.<n>=<className>.#.# This declares a provider, and specifies its preference.# order n. The preference order is the order in which providers are.# searched for requested algorithms (when no specific provider is.# requested). The order is 1-based; 1 is the
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2971
                                                                                                                                                                                                  Entropy (8bit):7.477865701757379
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:9Ow9LQ/yJOY7eKAldro5BqNgNPF9iBckx95GtyL4202DUAXr/ltIJP+p/5jIb391:shWrIoXwgn9iBVx9L4wNRyhtOv4v
                                                                                                                                                                                                  MD5:F41AB8F64B1FA13FEC7276579C420951
                                                                                                                                                                                                  SHA1:256FAE2BEECCABDD441BB072B1F2FA3349625807
                                                                                                                                                                                                  SHA-256:3E9CDD87F4A7C8F27B2BF4D03A7E51B6CE6A563A7F619DB8E3197799F1838AFD
                                                                                                                                                                                                  SHA-512:9FAA38ADAA441D6596E25DDA3A67789CD1978EE2FB5E65B99A7EB2C0EACD862D6260BB9EACD17C056AA5FBC180004C724B0229D3073F18C2C626EFCDA14364D2
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):1210
                                                                                                                                                                                                  Entropy (8bit):4.681309933800066
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy
                                                                                                                                                                                                  MD5:4F95242740BFB7B133B879597947A41E
                                                                                                                                                                                                  SHA1:9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
                                                                                                                                                                                                  SHA-256:299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
                                                                                                                                                                                                  SHA-512:99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):8138
                                                                                                                                                                                                  Entropy (8bit):5.1631712578757005
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:192:qwfOC9OYOxUmHomjgDwlZ+TFXsq2H+aUHC/Qj4mEP:qqgniTyq0i2
                                                                                                                                                                                                  MD5:B2CF7CAA7A3611ACAB6B80D0E97FBDAD
                                                                                                                                                                                                  SHA1:CD89559E3E5AB65996B140CB69129D8665935171
                                                                                                                                                                                                  SHA-256:0C2953A7A5948BDF0D3EA7D11ABA301291E43D4082B0A07C9C782AF2880BAB57
                                                                                                                                                                                                  SHA-512:318F64B13F197CE9EA3567A073CF4DFDB189C8FD671BD6DD80A7B895405634791CF33B92B299CFE46E91614130616659558E4A65D86171D64C11DF857995D66D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:#.# This file describes mapping information between Windows and Java.# time zones..# Format: Each line should include a colon separated fields of Windows.# time zone registry key, time zone mapID, locale (which is most.# likely used in the time zone), and Java time zone ID. Blank lines.# and lines that start with '#' are ignored. Data lines must be sorted.# by mapID (ASCII order)..#.# NOTE.# This table format is not a public interface of any Java.# platforms. No applications should depend on this file in any form..#.# This table has been generated by a program and should not be edited.# manually..#.Romance:-1,64::Europe/Paris:.Romance Standard Time:-1,64::Europe/Paris:.Warsaw:-1,65::Europe/Warsaw:.Central Europe:-1,66::Europe/Prague:.Central Europe Standard Time:-1,66::Europe/Prague:.Prague Bratislava:-1,66::Europe/Prague:.W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:.FLE:-1,67:FI:Europe/Helsinki:.FLE Standard Time:-1,67:FI:Europe/Helsinki:.GFT:-1,6
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 23 12:34:28 2024, mtime=Mon Apr 29 20:02:11 2019, atime=Mon Apr 29 20:02:11 2019, length=1669320, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):909
                                                                                                                                                                                                  Entropy (8bit):4.454461870209227
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:8mq3vslIXidO1QG/+FhKyRvfDN9le5DIxfSjEjAr7h2xEZxf9xffxEZxfXn8ZQ7q:8mPOWGWFhKylN9ktQAvhI8ZQ78ZQ9m
                                                                                                                                                                                                  MD5:BEF16079B5EBBDC402528249AD5892E3
                                                                                                                                                                                                  SHA1:DD73DD5ABD396DB561AB9B7E8FA06AACF8AB69B7
                                                                                                                                                                                                  SHA-256:5DDDD478EF8FAF50BAEFEFC219C6B767610117F95EF4520C064E786E93191ED2
                                                                                                                                                                                                  SHA-512:7060DAE52C8829D0B186BFB94C4B4588FDB4621E6FE13132392889A3444780C9D06892D993688865F627FEE478DCA9ED9638368978F2D7AE20E611CE18B24195
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 23 12:34:28 2024, mtime=Mon Jan 26 22:53:59 2015, atime=Mon Jan 26 22:53:59 2015, length=422400, window=hide
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):874
                                                                                                                                                                                                  Entropy (8bit):4.5213657869832415
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:8md+fRRIXidO1QG/+FhKyRvfDnlIRxdGgjAg7l4QhxEZxfuhG/xEZxfXn6CF76Cg:8mdSbOWGWFhKylnmLpAwlPhHvF7vF9m
                                                                                                                                                                                                  MD5:7F6B9FED8393A0D9CAE16043F4ACF025
                                                                                                                                                                                                  SHA1:547FC308B222E69A259B0EBCFFC53E842B00568B
                                                                                                                                                                                                  SHA-256:2C20F6B5EBAD776D1DE14212BF58E7AACAA031D7E3B9C74D1CA0870AD53F0533
                                                                                                                                                                                                  SHA-512:7EF8EA45982BD8041773EA141DA1B57A6A7FB97C970528AA3C25CC45E151A23DC63D41390FE648542DCC41CEFA9790E5710454A076BC7413F8BD11A6B2C6F177
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):2560
                                                                                                                                                                                                  Entropy (8bit):1.6801752915438781
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12:ZSsiDaonZY1rGaTOCiZCyyipyyii5i1ia9xf3HfjcUhuZxf3Sqxf3FxfQxf3GxfW:ZS1DaZ5l11iaXc4ui
                                                                                                                                                                                                  MD5:720DF54776E7A1646B46A5142381070A
                                                                                                                                                                                                  SHA1:982296DFA4EC3D5CE111BF5442E2AAC349996E2A
                                                                                                                                                                                                  SHA-256:1FB436A207A9DDABAB9895F29B90BE5ED470C18C1A31559162418AC666B7BDCC
                                                                                                                                                                                                  SHA-512:065ED77F454727CAE8D409ACBAC40D2BD4AACCE70D5334C8D2C45AF331F722860BF251F21AF7CA4B1F877A8ACD9124BACFCE0DF9F1362DFB54263D841900F70D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):14654
                                                                                                                                                                                                  Entropy (8bit):3.4024334776377843
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:48:POn+AnnK38nUXabs+MiFznBhdUVTn6nLnJ9HnBU+FSBFdv:l+n5o+Fav
                                                                                                                                                                                                  MD5:2703BDDB61A387A55094BD5BC8BBE590
                                                                                                                                                                                                  SHA1:CC94424792FE43970DDA23306F5003D2F27CC243
                                                                                                                                                                                                  SHA-256:D0E1B90BA1DF9772687BAF3EE3559E170A62D9FAE71F7670021A980CF153BF4F
                                                                                                                                                                                                  SHA-512:C95F544CFB3D56D88A0DBBD10620EE3ABD09C79D51968C03CBF0DCFB63846664433FF491C30551982C860738332B76747944C0EBA2A17459EE34FD7853EC28CE
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview:R.O.O.T. .R.o.o.t..... . .C.O.M.P.O.N.E.N.T. .".r.t.\.j.e.t.r.t.\.X.A.W.T.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.M.I.S.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.M.I.S.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.S.N.D.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.S.N.D.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.X.M.L.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.X.M.L.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.K.R.N.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.K.R.N.1.0.5.0.5...d.l.l."..... . .C.O.M.P.O.N.E.N.T. .".r.t.\.j.e.t.r.t.\.X.C.R.B.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.A.W.T.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.A.W.T.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.X.M.L.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.X.M.L.1.0.5.0.5...d.l.l."..... . . . .D.L.L. .".X.S.Q.L.1.0.5.0.5...D.L.L.". .=. .".$.(.R.o.o.t.).\.r.t.\.j.e.t.r.t.\.X.S.Q.L.1.0.5.0.5.
                                                                                                                                                                                                  Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):763904
                                                                                                                                                                                                  Entropy (8bit):6.1394838276195305
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:12288:vUibJ42iyV42IaFZ69NXdI3dpBg8wl8SNV/OTIy0d9jWei:v9JcmfI+k9NXdedLg8wl8M/OT90d9+
                                                                                                                                                                                                  MD5:0ABCA3BDB68DC9E74FB7B0535186C8DB
                                                                                                                                                                                                  SHA1:ED9C9940799B002AD85A8BDEADA3EB188C5F7CD4
                                                                                                                                                                                                  SHA-256:0FD581CD7DA9D499073F159454B30375662B5AB8063E153FD622E3164DEAB995
                                                                                                                                                                                                  SHA-512:13E70F88448853902780641DABB0AF19E006D6EAD04342B82449EFE1B433DE86FE41A926B2A9265AEBFCFA816F73E66C3158E68EA6694B53E4781E7946E06B79
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                  Entropy (8bit):7.999978530419902
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                  File name:file.exe
                                                                                                                                                                                                  File size:24'973'736 bytes
                                                                                                                                                                                                  MD5:af3d3fda1b3964c834c3f6a5d63862e8
                                                                                                                                                                                                  SHA1:550a8e43a1cca0c21bf5b2a5bafe2a0236dae923
                                                                                                                                                                                                  SHA256:6a2ff07c761f66b225d113d7fde579361e4b10e8770d97d734fe92940592a618
                                                                                                                                                                                                  SHA512:8bde4fb5e4a5796d200d6179a7d2b456a9ee0e19aeb9a1071981acfea3c4faa4b261e3b61741d6c4ab205cb1cb3e1d108c55e530adfadd38eb3befa27bfbcd17
                                                                                                                                                                                                  SSDEEP:393216:Lv81Bgzxxd1rEW968co9cBVQPECpEIxYQaYnpH5mAuxvsJkLEzar:LvN3rRU1o9WVQPlX3pYAuxoS
                                                                                                                                                                                                  TLSH:1A4733568888CEC2F60690765D37408EC1B393FE1ECF7785AE9563C58A9CF5868F6E40
                                                                                                                                                                                                  Icon Hash:2d0c1f36e6e67515
                                                                                                                                                                                                  Entrypoint:0x40185e
                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                  Time Stamp:0x54C6E1CD [Tue Jan 27 00:54:37 2015 UTC]
                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                                  Import Hash:136b0a93e2e52edc7479b827cb3a9bba
                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                  Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                  Error Number:0
Not Before: 04/01/2022 01:00:00
Not After: 04/01/2025 00:59:59
                                                                                                                                                                                                  Subject Chain
• CN=HamSphere AB, O=HamSphere AB, S=Skåne län, C=SE
                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                  Thumbprint MD5:2BF6578C58212354CBEE458564449461
                                                                                                                                                                                                  Thumbprint SHA-1:2C4B34F942187BE317C473913FAE4CCEEDE8B6B6
                                                                                                                                                                                                  Thumbprint SHA-256:82B43446EE151D15CBAE253590D175CACCB0F4BBD6543D07F641B7D2D002875B
                                                                                                                                                                                                  Serial:00DAD6FECA4478D705E9A5D06E13A727DC
                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  sub esp, 2Ch
                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                  push esi
                                                                                                                                                                                                  push edi
                                                                                                                                                                                                  call 00007F565CF489F8h
                                                                                                                                                                                                  xor ebx, ebx
                                                                                                                                                                                                  inc ebx
                                                                                                                                                                                                  mov esi, ebx
                                                                                                                                                                                                  cmp dword ptr [0054540Ch], ebx
                                                                                                                                                                                                  jle 00007F565CF48D25h
                                                                                                                                                                                                  mov edi, dword ptr [0040305Ch]
                                                                                                                                                                                                  mov eax, dword ptr [00545410h]
                                                                                                                                                                                                  mov eax, dword ptr [eax+esi*4]
                                                                                                                                                                                                  mov cl, byte ptr [eax]
                                                                                                                                                                                                  cmp cl, 0000002Fh
                                                                                                                                                                                                  je 00007F565CF48CD7h
                                                                                                                                                                                                  cmp cl, 0000002Dh
                                                                                                                                                                                                  jne 00007F565CF48D02h
                                                                                                                                                                                                  push 00403150h
                                                                                                                                                                                                  inc eax
                                                                                                                                                                                                  push eax
                                                                                                                                                                                                  call edi
                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                  jne 00007F565CF48CDAh
                                                                                                                                                                                                  mov dword ptr [00545408h], ebx
                                                                                                                                                                                                  jmp 00007F565CF48CEDh
                                                                                                                                                                                                  mov eax, dword ptr [00545410h]
                                                                                                                                                                                                  mov eax, dword ptr [eax+esi*4]
                                                                                                                                                                                                  push 0040314Ch
                                                                                                                                                                                                  inc eax
                                                                                                                                                                                                  push eax
                                                                                                                                                                                                  call edi
                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                  jne 00007F565CF48CD8h
                                                                                                                                                                                                  and dword ptr [00545408h], eax
                                                                                                                                                                                                  inc esi
                                                                                                                                                                                                  cmp esi, dword ptr [0054540Ch]
                                                                                                                                                                                                  jl 00007F565CF48C85h
                                                                                                                                                                                                  mov ebx, 00000200h
                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                  mov esi, 004A5208h
                                                                                                                                                                                                  push esi
                                                                                                                                                                                                  call 00007F565CF48ABEh
                                                                                                                                                                                                  push 00000100h
                                                                                                                                                                                                  push 00000000h
                                                                                                                                                                                                  push esi
                                                                                                                                                                                                  call 00007F565CF489FAh
                                                                                                                                                                                                  mov edi, eax
                                                                                                                                                                                                  add esp, 14h
                                                                                                                                                                                                  cmp edi, FFFFFFFFh
                                                                                                                                                                                                  jne 00007F565CF48CDEh
                                                                                                                                                                                                  push 00000234h
                                                                                                                                                                                                  push 00000002h
                                                                                                                                                                                                  call 00007F565CF4862Ch
                                                                                                                                                                                                  lea eax, dword ptr [esp+10h]
                                                                                                                                                                                                  push eax
                                                                                                                                                                                                  push edi
                                                                                                                                                                                                  call 00007F565CF48B1Eh
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  pop ecx
                                                                                                                                                                                                  test eax, eax
                                                                                                                                                                                                  jne 00007F565CF48CD9h
                                                                                                                                                                                                  push 00000238h
                                                                                                                                                                                                  jmp 00007F565CF48CB3h
                                                                                                                                                                                                  push 00000000h
                                                                                                                                                                                                  push dword ptr [esp+38h]
                                                                                                                                                                                                  push dword ptr [esp+38h]
                                                                                                                                                                                                  push edi
                                                                                                                                                                                                  call 00007F565CF48A0Eh
                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                  • [ C ] VS2010 build 30319
                                                                                                                                                                                                  • [RES] VS2010 build 30319
                                                                                                                                                                                                  • [LNK] VS2010 build 30319
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3158 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x146000 | 0x21d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x17cefd0 | 0x21d8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x149000 | 0x88 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x107e | 0x1200 | 981a2df15d297f850d37c2bc239f8afa | False | 0.6770833333333334 | data | 6.282139716969719 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x3000 | 0x3b0 | 0x400 | 2cf09524c4a88850401f3368026eaac3 | False | 0.509765625 | data | 4.48616605104258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4000 | 0x141414 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x146000 | 0x21d8 | 0x2200 | 651e72b1b691dfa47a87c35075100899 | False | 0.5569852941176471 | data | 5.9184038726988115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x149000 | 0x480 | 0x600 | f82c3ab08d55b7ad80a8c698b9781bea | False | 0.10221354166666667 | data | 0.8623489585238648 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x146150 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.4949360341151386
RT_ICON | 0x146ff8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.6430505415162455
RT_ICON | 0x1478a0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.759393063583815
RT_GROUP_ICON | 0x147e08 | 0x30 | data | English | United States | 0.875
RT_MANIFEST | 0x147e38 | 0x39b | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.457204767063922
DLL | Import
KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, ExitProcess, ReadFile, WriteFile, CloseHandle, DeleteFileA, CreateDirectoryA, lstrlenA, LoadLibraryA, GetProcAddress, FreeLibrary, GetStdHandle, GetCommandLineA, CreateFileA, GetLastError, SetFilePointer, GetModuleFileNameA, GetTempFileNameA, lstrcatA, GetWindowsDirectoryA, GetTempPathA, lstrcmpA
USER32.dll | wsprintfA, MessageBoxA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.115667105 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.115710974 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.116099119 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.160209894 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.382232904 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.382285118 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384027958 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384067059 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384118080 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384170055 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384226084 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384260893 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384268999 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384295940 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384337902 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384346008 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384408951 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.384500027 CEST5329580192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.390105009 CEST805329562.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.550501108 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.556224108 CEST805329762.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.556322098 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.556798935 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.556854963 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.562201977 CEST805329762.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:39.562362909 CEST805329762.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.426599979 CEST805329762.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.443234921 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.449170113 CEST805329762.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.451364994 CEST5329780192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.471796036 CEST5329880192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.477217913 CEST805329862.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.477432966 CEST5329880192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.477823019 CEST5329880192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:40.483107090 CEST805329862.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.310101032 CEST805329862.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.311089993 CEST5329880192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.316987991 CEST805329862.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.317055941 CEST5329880192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.433543921 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.439066887 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.439157963 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.441452026 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:41.446866035 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.256962061 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257002115 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257025957 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257041931 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257057905 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257112026 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257128000 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257143974 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257158995 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257174969 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257246971 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257246971 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257246971 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.262715101 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.262732029 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.262747049 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.262797117 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.375781059 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.375824928 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.375859022 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.375893116 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376045942 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376045942 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376106977 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376158953 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376194000 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376219988 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376245975 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376317978 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376933098 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.376969099 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.377002954 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.377027035 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.377139091 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.377190113 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494510889 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494549990 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494585037 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494601011 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494677067 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.494743109 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.495687962 CEST5330080192.168.2.862.210.190.21
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.501718998 CEST805330062.210.190.21192.168.2.8
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.501789093 CEST5330080192.168.2.862.210.190.21
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 23, 2024 15:34:36.526770115 CEST | 53 | 63132 | 162.159.36.2 | 192.168.2.8
Oct 23, 2024 15:34:37.149867058 CEST | 61970 | 53 | 192.168.2.8 | 1.1.1.1
Oct 23, 2024 15:34:37.157644987 CEST | 53 | 61970 | 1.1.1.1 | 192.168.2.8
Oct 23, 2024 15:34:37.865330935 CEST | 56984 | 53 | 192.168.2.8 | 1.1.1.1
Oct 23, 2024 15:34:37.884975910 CEST | 53 | 56984 | 1.1.1.1 | 192.168.2.8
Oct 23, 2024 15:34:41.327878952 CEST | 51472 | 53 | 192.168.2.8 | 1.1.1.1
Oct 23, 2024 15:34:41.431488991 CEST | 53 | 51472 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 23, 2024 15:34:37.149867058 CEST | 192.168.2.8 | 1.1.1.1 | 0x7b9d | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Oct 23, 2024 15:34:37.865330935 CEST | 192.168.2.8 | 1.1.1.1 | 0x7d | Standard query (0) | hs4.hamsphere.com | A (IP address) | IN (0x0001) | false
Oct 23, 2024 15:34:41.327878952 CEST | 192.168.2.8 | 1.1.1.1 | 0xc536 | Standard query (0) | hs40.hamsphere.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 23, 2024 15:34:37.157644987 CEST | 1.1.1.1 | 192.168.2.8 | 0x7b9d | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Oct 23, 2024 15:34:37.884975910 CEST | 1.1.1.1 | 192.168.2.8 | 0x7d | No error (0) | hs4.hamsphere.com |  | 62.210.190.21 | A (IP address) | IN (0x0001) | false
Oct 23, 2024 15:34:41.431488991 CEST | 1.1.1.1 | 192.168.2.8 | 0xc536 | No error (0) | hs40.hamsphere.com |  | 62.210.190.21 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                  • hs4.hamsphere.com
                                                                                                                                                                                                  • hs40.hamsphere.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 53295 | 62.210.190.21 | 80 | 3284 | C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  Oct 23, 2024 15:34:37.902034998 CEST168OUTGET /antennas.php HTTP/1.1
                                                                                                                                                                                                  User-Agent: Java/1.7.0_55
                                                                                                                                                                                                  Host: hs4.hamsphere.com
                                                                                                                                                                                                  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                  Connection: keep-alive
Oct 23, 2024 15:34:38.951812029 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 13:34:37 GMT
                                                                                                                                                                                                  Server: Apache/2.2.15 (CentOS)
                                                                                                                                                                                                  X-Powered-By: PHP/5.3.3
                                                                                                                                                                                                  Set-Cookie: phorum_session_st=deleted; expires=Tue, 24-Oct-2023 13:34:36 GMT; path=/
                                                                                                                                                                                                  Set-Cookie: phorum_session_v5=deleted; expires=Tue, 24-Oct-2023 13:34:36 GMT; path=/
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Content-Type: text/xml
                                                                                                                                                                                                  Data Ascii: 106e2<?xml version="1.0"?><antennas><antenna name="isotrope" active= "0" shortname="Isotrope" longname="Isotrope (Not active)" theorder="0" band="0" bands="0000000000000000" anttype="0" gain="1.760000" antmode="S" combo=""/><antenna name="8ely10.voa" active= "1" shortname="8 Element Yagi (10m)" longname="10-meter Yagi 8 elements at 35' above average ground" theorder="1" band="12" bands="0000100000000000" anttype="1" gain="13.300000" antmode="S" combo=""/><antenna name="8ely40.voa" active= "1" shortname="8 element Yagi (40m)" longname="40-meter Yagi 8 elements at 100ft above average ground" theorder="2" band="5" bands="0000000000010000" anttype="1" gain="13.300000" antmode="S" combo=""/><antenna name="3elq15.voa" active= "1" shortname="3 Element Quad (15m)" longname="15-meter 3-element high-gain quad at 95ft above average ground" theorder="3" band="9" bands="000
Oct 23, 2024 15:34:38.951857090 CEST | 212 | IN
                                                                                                                                                                                                  Data Ascii: 0000100000000" anttype="1" gain="8.600000" antmode="S" combo=""/><antenna name="135iv40.voa" active= "1" shortname="Inverted V (40m)" longname="135ft 30-degree inverted-V, 40 meters, 55ft above average ground" t
Oct 23, 2024 15:34:38.951931000 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: heorder="4" band="5" bands="0000000000010000" anttype="1" gain="2.150000" antmode="S" combo=""/><antenna name="160dip.voa" active= "1" shortname="Folded Dipole (160m)" longname="165 ft terminated folded dipole, 160 meters, 95 ft above average
Oct 23, 2024 15:34:38.951967001 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: 000000" anttype="0" gain="4.500000" antmode="S" combo=""/><antenna name="6elq20.voa" active= "1" shortname="6 element Quad (20m)" longname="20-meter 6-element quad at 95' above average ground" theorder="10" band="7" bands="0000000001000000" a
Oct 23, 2024 15:34:38.952001095 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: pole with 256 Radials (80m)" theorder="15" band="2" bands="0000000000000010" anttype="0" gain="5.500000" antmode="S" combo=""/><antenna name="mon160bb.voa" active= "1" shortname="GP Monopole (160m)" longname="GP Monopole with 256 Radials (160
Oct 23, 2024 15:34:38.952035904 CEST | 636 | IN
                                                                                                                                                                                                  Data Ascii: name="80m_NVIS.voa" active= "1" shortname="NVIS (80m) Good GND" longname="NVIS antenna for 80m with extremely good ground" theorder="21" band="1" bands="0000000000000010" anttype="1" gain="9.000000" antmode="S" combo=""/><antenna name="8ely1
Oct 23, 2024 15:34:38.952070951 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: ="2" bands="0000000000000010" anttype="1" gain="13.300000" antmode="S" combo=""/><antenna name="delta40.voa" active= "1" shortname="Equ Delta Loop (40m)" longname="Equilateral Delta Loop for 40m with 30ft base height, very good ground" theord
Oct 23, 2024 15:34:38.952105999 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: " antmode="S" combo=""/><antenna name="3el40.voa" active= "0" shortname="3 Element Yagi (40m)" longname="40-meter Yagi 3 elements short boom at 100ft above average ground" theorder="29" band="5" bands="0000000000010000" anttype="1" gain="7.10
Oct 23, 2024 15:34:38.952140093 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: Cardioid Antenna (40m)" longname="Cardioid Antenna (40m)" theorder="34" band="5" bands="0000000000010000" anttype="1" gain="7.800000" antmode="P" combo=""/><antenna name="c075v20.voa" active= "1" shortname="V-Collinear (20m)" longname="Vertic
Oct 23, 2024 15:34:38.952173948 CEST | 636 | IN
                                                                                                                                                                                                  Data Ascii: tenna name="60m8elYa.n13" active= "1" shortname="8 Element Yagi (60m)" longname="8-element Yagi at 95 ft (60m)" theorder="40" band="3" bands="000000000000100" anttype="1" gain="13.000000" antmode="S" combo=""/><antenna name="IDC16048.n13" act
Oct 23, 2024 15:34:38.952208042 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: ombo=""/><antenna name="MONO-60m.n13" active= "1" shortname="GP Monopole (60m)" longname="GP Monopole with 256 Radials (60m)" theorder="43" band="3" bands="0000000000000100" anttype="0" gain="5.000000" antmode="S" combo=""/><antenna name="60


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 53297 | 62.210.190.21 | 80 | 3284 | C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 15:34:39.556798935 CEST | 243 | OUT | POST /getremotenames.php HTTP/1.1
                                                                                                                                                                                                  User-Agent: Java/1.7.0_55
                                                                                                                                                                                                  Host: hs4.hamsphere.com
                                                                                                                                                                                                  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  Content-type: application/x-www-form-urlencoded
                                                                                                                                                                                                  Content-Length: 3
Oct 23, 2024 15:34:39.556854963 CEST | 6 | OUT | Data Raw: 69 64 3d
                                                                                                                                                                                                  Data Ascii: id=
Oct 23, 2024 15:34:40.426599979 CEST | 396 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 13:34:39 GMT
                                                                                                                                                                                                  Server: Apache/2.2.15 (CentOS)
                                                                                                                                                                                                  X-Powered-By: PHP/5.3.3
                                                                                                                                                                                                  Set-Cookie: phorum_session_st=deleted; expires=Tue, 24-Oct-2023 13:34:38 GMT; path=/
                                                                                                                                                                                                  Set-Cookie: phorum_session_v5=deleted; expires=Tue, 24-Oct-2023 13:34:38 GMT; path=/
                                                                                                                                                                                                  Content-Length: 32
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Data Raw: 68 61 6d 73 70 68 65 72 65 5f 72 69 67 5f 73 63 65 6e 65 5f 33 48 53 37 34 37 34 25 37 43 0a 0a
                                                                                                                                                                                                  Data Ascii: hamsphere_rig_scene_3HS7474%7C


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 53298 | 62.210.190.21 | 80 | 3284 | C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 15:34:40.477823019 CEST | 166 | OUT | GET /news40.php HTTP/1.1
                                                                                                                                                                                                  User-Agent: Java/1.7.0_55
                                                                                                                                                                                                  Host: hs4.hamsphere.com
                                                                                                                                                                                                  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                  Connection: keep-alive
Oct 23, 2024 15:34:41.310101032 CEST | 1006 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 13:34:40 GMT
                                                                                                                                                                                                  Server: Apache/2.2.15 (CentOS)
                                                                                                                                                                                                  X-Powered-By: PHP/5.3.3
                                                                                                                                                                                                  Content-Length: 813
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Data Ascii: <html><head><title>HamSphere 4.0 News</title></head><body marginheight="0" marginwidth="0" style="font-family:arial; color:#000000; background-color:#ffffff; margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px;padding:0;"><center><table cellpadding=5><tr><td><center><h2>We are moving</h2></center></td></tr><tr><td><b><center>HamSphere 4.0 is migrating to HamSphere 5.0<br>on 1 March 2023 at 00:00 UTC.</a></center></b></td></tr><tr><td><center><a href="https://hs50.hamsphere.com?external" border=0><img border=0 src="http://hs40.hamsphere.com/images/hs5logo.jpg" width=300 height=100></a></center></td></tr><tr><td><center><a href="https://hs50.hamsphere.com/?external"><b>Click here to download HamSphere 5.0</a></b></center></td></tr></table></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 53300 | 62.210.190.21 | 80 | 3284 | C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe
Timestamp | Bytes transferred | Direction | Data
Oct 23, 2024 15:34:41.441452026 CEST | 175 | OUT | GET /images/hs5logo.jpg HTTP/1.1
                                                                                                                                                                                                  User-Agent: Java/1.7.0_55
                                                                                                                                                                                                  Host: hs40.hamsphere.com
                                                                                                                                                                                                  Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                                                                  Connection: keep-alive
Oct 23, 2024 15:34:42.256962061 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Wed, 23 Oct 2024 13:34:41 GMT
                                                                                                                                                                                                  Server: Apache/2.2.15 (CentOS)
                                                                                                                                                                                                  Last-Modified: Fri, 03 Feb 2023 22:16:50 GMT
                                                                                                                                                                                                  ETag: "5f42fe4-8185-5f3d309b41880"
                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                  Content-Length: 33157
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Content-Type: image/jpeg
Oct 23, 2024 15:34:42.257002115 CEST | 212 | IN
Oct 23, 2024 15:34:42.257025957 CEST | 1236 | IN
Oct 23, 2024 15:34:42.257041931 CEST | 1236 | IN
Oct 23, 2024 15:34:42.257057905 CEST | 1236 | IN
Oct 23, 2024 15:34:42.257112026 CEST | 1236 | IN
                                                                                                                                                                                                  Data Ascii: pH,]&)Xw/lD,[N\tSm}o\Xj:oTq}9ekQt|W-"R9+>a7S_),haRxE9>[JX6|Vsl-.jj_/`fO3k>OnwFT
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257128000 CEST1236INData Raw: 67 4f 24 25 79 67 71 67 71 3a 15 e2 e1 52 0d a6 9f 66 c2 e1 66 48 be 3a a3 d5 09 75 b4 9a 3a e7 d3 e5 95 d8 07 7a 86 4d 98 d6 b6 fb cd 2a 52 95 2d d8 a4 fa 0f 39 cb 11 ea cd 25 d6 95 ad c4 5f 9d 4a 6b be 2c fb 8b a2 4a 4b e6 e3 25 bc cb 0e 20 00
                                                                                                                                                                                                  Data Ascii: gO$%ygqgq:RffH:u:zM*R-9%_Jk,JK% F`ru4%Cwy~Y=f&/rdco$;i_i]=IG/><w]n4oT)BU$cF_u9m/)f\Mb-nhY
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257143974 CEST1060INData Raw: 3e aa e6 f6 99 c8 db a3 0a b1 ba bb 86 3c 74 63 b3 02 7f 45 b0 e4 cb c6 63 82 2f 51 b9 5b 8f 93 5e c9 fe 20 72 9b ab bf 65 77 6b f7 5a 6d e1 ed 25 2c 77 9b fa 8f 17 9b 6d ad bc 5a f8 77 78 be 78 a5 1c b7 31 b2 cc ac e1 79 65 55 55 a1 52 38 c6 4b
                                                                                                                                                                                                  Data Ascii: ><tcEc/Q[^ rewkZm%,wmZwxx1yeUUR8KE[>]t&1o5ry5-*Y{.UN%K>UQnFOtA?).rT4Kal'>=zw#B 67YdYI#Qg
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257158995 CEST1236INData Raw: d6 00 c8 01 22 d7 f2 9b dd 1b 7f cd f0 47 2f df fb eb 86 d5 f0 6e 44 1c 25 23 92 b5 f3 d5 e3 aa e6 bb 57 81 d2 bc 7b b2 a7 ee 9d d4 64 58 a5 18 f5 b4 cc 78 b3 cb 2e ca b0 7f da 46 be b2 62 31 5d ec f5 c3 34 be 17 1a d1 af bb 52 ee 5e 07 21 cf dc
                                                                                                                                                                                                  Data Ascii: "G/nD%#W{dXx.Fb1]4R^!W|mngsy"7A'(x_kO_PiCqm:O(-kukyEVq|fNOLkm)()ghh8zTLU`uLwu[m&>+;
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.257174969 CEST1236INData Raw: 2d 5b 4f 8f ce 48 ea bf 94 a1 75 7b 9c db 33 10 8d 97 3d b5 cf b5 e2 95 4a 38 63 b5 7b 38 ee 2c 5f f5 cd 34 7a 22 67 74 cb 32 90 f4 47 3b ec f3 4a d4 ac b3 68 7b 2b 89 ec 75 9f 0c 60 41 6e 3e 3b f8 e2 6e b5 27 a5 dd ba b8 4a 55 84 e1 38 46 70 97
                                                                                                                                                                                                  Data Ascii: -[OHu{3=J8c{8,_4z"gt2G;Jh{+u`An>;n'JU8Fp$P).wiFTNeLYf|g-bo9c#6U/YICQgy#.-#I1%jS\0Fu+ztJs%pKc3]oG+"t
                                                                                                                                                                                                  Oct 23, 2024 15:34:42.262715101 CEST1236INData Raw: b0 d9 39 7d 7d 3b 3d 51 6b 56 0f 06 fc d7 f2 e0 47 6e 98 fa b0 dc da d2 df 4c 90 b7 54 e5 c5 4e 2f ad 27 f3 1c 9a f8 a5 d2 bb db c6 21 cb 1e 15 8b dc 97 f3 b3 16 5b 59 66 f9 a4 2a bf 36 35 5d d6 77 a9 6e 29 49 b8 d1 b4 6e 8c 62 b7 3e 16 de 27 53
                                                                                                                                                                                                  Data Ascii: 9}};=QkVGnLTN/'![Yf*65]wn)Inb>'S4QO~n>/bj|yMdJshNsD=SE]bKLUm-SVqmw8N<}3_Y20u3|(%%R)IXNSN,_z8`izU^f88N



                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:09:34:03
                                                                                                                                                                                                  Start date:23/10/2024
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                  Imagebase:0xfc0000
                                                                                                                                                                                                  File size:24'973'736 bytes
                                                                                                                                                                                                  MD5 hash:AF3D3FDA1B3964C834C3F6A5D63862E8
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                  Start time:09:34:34
                                                                                                                                                                                                  Start date:23/10/2024
                                                                                                                                                                                                  Path:C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\HamSphere\HamSphere_4.010a\HamSphere_4.010a.exe"
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  File size:1'669'320 bytes
                                                                                                                                                                                                  MD5 hash:9A2475E8E690A6A120A1C8738E9AB043
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                  • Detection: 5%, ReversingLabs
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:34.6%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:25.9%
                                                                                                                                                                                                    Total number of Nodes:81
                                                                                                                                                                                                    Total number of Limit Nodes:7


                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00FC158C: GetCommandLineA.KERNEL32(?,?,?,?,?,?,00FC1869), ref: 00FC1594
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,batch), ref: 00FC1897
                                                                                                                                                                                                    • lstrcmpA.KERNEL32(?,gui), ref: 00FC18B4
                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 00FC1968
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00FC19AD
                                                                                                                                                                                                    • LoadLibraryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp), ref: 00FC19C8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EntryPoint), ref: 00FC19EE
                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00FC19F9
                                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000), ref: 00FC1A13
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00FC1A22
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$CloseFreeHandlelstrcmp$AddressCommandExitLineLoadProcProcess
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp$EntryPoint$batch$gui$Wu$.Wu`1Wu
                                                                                                                                                                                                    • API String ID: 3670360002-572609179
                                                                                                                                                                                                    • Opcode ID: c0ee1a286842e00298d797d24e6add123e2e5a03c2e95d562390b9943212cb0a
                                                                                                                                                                                                    • Instruction ID: 0643cc3b84dbaccec2aa7b426631d2fd726180ee8db4b20ecbd1090025f6ad8c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0ee1a286842e00298d797d24e6add123e2e5a03c2e95d562390b9943212cb0a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6641E476E44203BBE3117B648E47FBA3298BF437A4F15012CF150A61C3DA7C9961B666

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 135 fc1195-fc11a8 GetProcessHeap RtlFreeHeap
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000200,00FC140B,?,00000000,?,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000000,?,?,00000000,00000000,00FC195E,00000000,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000200), ref: 00FC119B
                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000), ref: 00FC11A2
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: c5e25e62366c493262837c1bd0e70af47250ed19ebf829383878a22f3abafc97
                                                                                                                                                                                                    • Instruction ID: e73d1bce8e19e15021f7fd554bce16f8a7980a347a43188e2c79ebc6a690f428
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5e25e62366c493262837c1bd0e70af47250ed19ebf829383878a22f3abafc97
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5B00277584204BBDE415BE09F0EF097F65BB44746F008444F349C6064CA754554FF15

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\,75572EE0,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00FC1971,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000200), ref: 00FC16F2
                                                                                                                                                                                                      • Part of subcall function 00FC122C: lstrlenA.KERNEL32(00FC16FE,C:\Users\user\AppData\Local\Temp\,00FC16FE,C:\Users\user\AppData\Local\Temp\), ref: 00FC1232
                                                                                                                                                                                                      • Part of subcall function 00FC122C: CreateDirectoryA.KERNELBASE(00FC16FE,00000000), ref: 00FC1249
                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000104), ref: 00FC1705
                                                                                                                                                                                                    • lstrcatA.KERNEL32(?,\Temp), ref: 00FC1714
                                                                                                                                                                                                    • GetTempFileNameA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,xns,00000000,?), ref: 00FC173D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DirectoryTemp$CreateFileNamePathWindowslstrcatlstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp$\Temp$xns
                                                                                                                                                                                                    • API String ID: 1310256646-141446157
                                                                                                                                                                                                    • Opcode ID: c435366f1ea9d7ceadf030abec60c8141c2dcb5929de6e7f35ef7f684d2b0fde
                                                                                                                                                                                                    • Instruction ID: ae6df4cd1c0f0524b47b6796f338f6d1290e83e6fce4ae4cc1bacbc7939466a2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c435366f1ea9d7ceadf030abec60c8141c2dcb5929de6e7f35ef7f684d2b0fde
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BF0E227A812137AD6102761AF4BFDF7718BF93BB8F10401DF200E5092DA688A2176A6

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 77 fc122c-fc123d lstrlenA 78 fc123f 77->78 79 fc1246-fc1253 CreateDirectoryA 77->79 78->79
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • lstrlenA.KERNEL32(00FC16FE,C:\Users\user\AppData\Local\Temp\,00FC16FE,C:\Users\user\AppData\Local\Temp\), ref: 00FC1232
                                                                                                                                                                                                    • CreateDirectoryA.KERNELBASE(00FC16FE,00000000), ref: 00FC1249
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00FC122C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateDirectorylstrlen
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                    • API String ID: 532367266-4083868402
                                                                                                                                                                                                    • Opcode ID: d1e7408d914de3a4ea5d6c6a45d5ff2d985cdd122b39e81003f3df0113315815
                                                                                                                                                                                                    • Instruction ID: 5656e1f1d2dc7ba394d36eac9341b2d88ef7dacb30cbbbf72fe3a30e0c31b4a2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1e7408d914de3a4ea5d6c6a45d5ff2d985cdd122b39e81003f3df0113315815
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0D0A7328983119EE3109790AD0DFCA3FD4AF0A309F414048E10097061C7A285014745

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 110 fc160c-fc1617 111 fc162f 110->111 112 fc1619-fc1620 110->112 113 fc1631-fc1639 111->113 114 fc162b-fc162d 112->114 115 fc1622-fc1626 call fc1254 112->115 116 fc163b 113->116 117 fc1640-fc1644 113->117 114->113 115->114 116->117 119 fc164b-fc165d CreateFileA 117->119 120 fc1646 117->120 120->119
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileA.KERNELBASE(?,00000000,00000001,00000000,00000003,00000000,00000000,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,?,00FC18E7,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000000,00000100,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp), ref: 00FC1655
                                                                                                                                                                                                      • Part of subcall function 00FC1254: wsprintfA.USER32 ref: 00FC1296
                                                                                                                                                                                                      • Part of subcall function 00FC1254: lstrlenA.KERNEL32(01064208), ref: 00FC12A9
                                                                                                                                                                                                      • Part of subcall function 00FC1254: GetStdHandle.KERNEL32(000000F5,01064208,00000000), ref: 00FC12B3
                                                                                                                                                                                                      • Part of subcall function 00FC1254: ExitProcess.KERNEL32 ref: 00FC12D6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp, xrefs: 00FC1613
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateExitFileHandleProcesslstrlenwsprintf
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp
                                                                                                                                                                                                    • API String ID: 2835913914-1753213394
                                                                                                                                                                                                    • Opcode ID: 3a7555f8fb264ec37d23beef3078ba3ef1e2cd6e15bc53566be2a36f620582d2
                                                                                                                                                                                                    • Instruction ID: cf9aac28d38bd433e43be2d6087e7dc9557df741f5fe5c5c9e12fc73fb0e7b00
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a7555f8fb264ec37d23beef3078ba3ef1e2cd6e15bc53566be2a36f620582d2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F0823055034A6AFB159E158E0BFE77658EB02764F08811DB914980D2D3F48960BA94

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 121 fc121c-fc122b
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DeleteFileA.KERNELBASE(00FC1A1F,00FC1A1F,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp), ref: 00FC1220
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: DeleteFile
                                                                                                                                                                                                    • String ID: `1Wu
                                                                                                                                                                                                    • API String ID: 4033686569-3932088728
                                                                                                                                                                                                    • Opcode ID: 34a2467af30c9b9ae150e6443c938b1e66e0f3ca534ae9b4697ad503649f7297
                                                                                                                                                                                                    • Instruction ID: d6905400a4ebc621cc8ae7a6cf739a5aa24323a250017b4fc9c76a7a342969b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34a2467af30c9b9ae150e6443c938b1e66e0f3ca534ae9b4697ad503649f7297
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FA012311E4004868B002B30CD0681435509681507B0085207042C1060C720C4017500

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 123 fc165e-fc166a 124 fc166c-fc166d 123->124 125 fc1686-fc16a7 SetFilePointer 123->125 126 fc166f-fc1670 124->126 127 fc1683-fc1685 124->127 128 fc16a9-fc16b1 GetLastError 125->128 129 fc16bb-fc16c2 125->129 130 fc167e-fc1681 126->130 131 fc1672-fc1679 call fc1254 126->131 127->125 128->129 132 fc16b3-fc16b7 128->132 130->125 131->130 132->129
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetFilePointer.KERNELBASE(?,00000000,00000200,00000000,?,?,?,00FC1768,00000000,00000000,00000000,00000002,00000000,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000200), ref: 00FC169B
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00FC1768,00000000,00000000,00000000,00000002,00000000,C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp,00000200), ref: 00FC16A9
                                                                                                                                                                                                      • Part of subcall function 00FC1254: wsprintfA.USER32 ref: 00FC1296
                                                                                                                                                                                                      • Part of subcall function 00FC1254: lstrlenA.KERNEL32(01064208), ref: 00FC12A9
                                                                                                                                                                                                      • Part of subcall function 00FC1254: GetStdHandle.KERNEL32(000000F5,01064208,00000000), ref: 00FC12B3
                                                                                                                                                                                                      • Part of subcall function 00FC1254: ExitProcess.KERNEL32 ref: 00FC12D6
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorExitFileHandleLastPointerProcesslstrlenwsprintf
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1039847760-0
                                                                                                                                                                                                    • Opcode ID: 5d75916105dd7d81a87c545d75b95d328b5d9579f804b4ce7204c03bf93c9233
                                                                                                                                                                                                    • Instruction ID: 87b521ae66fe7af583a6f109a0bc7b6ab0da8abaad5d855273d57c3932f202f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d75916105dd7d81a87c545d75b95d328b5d9579f804b4ce7204c03bf93c9233
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4014B70A1020AABDB18CFB4DA46EAE7BB4FB05374F24835CB522E61C1D6709A10BA10

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 134 fc1181-fc1194 GetProcessHeap RtlAllocateHeap
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00FC15D5,?,?,00FC1869), ref: 00FC1187
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00FC1869), ref: 00FC118E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$AllocateProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1357844191-0
                                                                                                                                                                                                    • Opcode ID: d2a41f3d5cad401cad1541644ba5c26b694292b3caed56ba045a791b240de89f
                                                                                                                                                                                                    • Instruction ID: 14ae2b81dd3614b63b6af263def77d75f22875e7885fdab7d2715b8e573c73ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2a41f3d5cad401cad1541644ba5c26b694292b3caed56ba045a791b240de89f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7B00277584204ABDE415BE09F0EF497E65BB44746F108444F34587064C6754510FF15

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 139 fc11f5-fc1210 WriteFile 140 fc1217-fc121b 139->140 141 fc1212-fc1216 139->141
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WriteFile.KERNELBASE(00FC12BF,?,?,00000000,00000000,?,?,00FC12BF,00000000), ref: 00FC1208
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                                    • Opcode ID: f2918f4e73dc3c2313e1e8bbe39ae9b9dfc0c53f768d11919199f0d65c8ec378
                                                                                                                                                                                                    • Instruction ID: 8ed000e4875531e357283c6ca649c155d47e8bcb0df34ae69369f574ce432d79
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2918f4e73dc3c2313e1e8bbe39ae9b9dfc0c53f768d11919199f0d65c8ec378
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BD0173160020DBBEF00CFA0DD02E997BACAB017A8F104254BA25D10A0E3B1DE10AB50

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 136 fc11ce-fc11e9 ReadFile 137 fc11eb-fc11ef 136->137 138 fc11f0-fc11f4 136->138
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ReadFile.KERNELBASE(00FC4208,00000000,00FC17C7,000A0000,00000000,?,?,00FC17C7,00000000,00FC4208,000A0000), ref: 00FC11E1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                                    • Opcode ID: 14a9ddb3adf4e28186df27777fca9c1cbfb7b0d09d013082859be1e58805a5c5
                                                                                                                                                                                                    • Instruction ID: 1a44a38eff1c9b9fa56ab8822e7f703b78d646cbf4a2295475151e01f4c3d264
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14a9ddb3adf4e28186df27777fca9c1cbfb7b0d09d013082859be1e58805a5c5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96D0173160010EBBDF00CFA0DD02E997BADAB003A8F104254BA24D20A0E3B1DA10BB50

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 177 fc1254-fc1259 178 fc125b-fc125c 177->178 179 fc1280 177->179 180 fc125e-fc125f 178->180 181 fc1279-fc127e 178->181 182 fc1285-fc12a6 wsprintfA 179->182 183 fc1261-fc1262 180->183 184 fc1272-fc1277 180->184 181->182 185 fc12a8-fc12c2 lstrlenA GetStdHandle call fc11f5 182->185 186 fc12c4-fc12ce MessageBoxA 182->186 187 fc126b-fc1270 183->187 188 fc1264-fc1269 183->188 184->182 190 fc12d4-fc12d6 ExitProcess 185->190 186->190 187->182 188->182
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wsprintfA.USER32 ref: 00FC1296
                                                                                                                                                                                                    • lstrlenA.KERNEL32(01064208), ref: 00FC12A9
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5,01064208,00000000), ref: 00FC12B3
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,01064208,Error,00000010), ref: 00FC12CE
                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00FC12D6
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.1709577935.0000000000FC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709557609.0000000000FC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709601335.0000000000FC3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1709625223.0000000000FC4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    • Associated: 00000000.00000002.1710046466.0000000001106000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_fc0000_file.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExitHandleMessageProcesslstrlenwsprintf
                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\xnsE6A3.tmp$Error$Error: %s, %d$Failed to create temporary file$Failed to decompress data$Internal crash$Out of memory$The installation package is corrupted
                                                                                                                                                                                                    • API String ID: 2501853969-2812163425
                                                                                                                                                                                                    • Opcode ID: 3ecdae7452ddb97282399862d6d96a9e207d20e33deb292ad028997c32e9f706
                                                                                                                                                                                                    • Instruction ID: 328715b707ce4efde4388c414e043d40608116c0849eb1b3f358bbb4df46c51b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ecdae7452ddb97282399862d6d96a9e207d20e33deb292ad028997c32e9f706
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF01D137A84207BBD6201B448F0BFE67928FB027E9F14801CB505C61C3C9218A24F7A2

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:0.1%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                    Signature Coverage:2.6%
                                                                                                                                                                                                    Total number of Nodes:38
                                                                                                                                                                                                    Total number of Limit Nodes:5

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 0040F57E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00000040), ref: 0040F708
                                                                                                                                                                                                      • Part of subcall function 0040CE00: wvsprintfA.USER32(?,00000010,?), ref: 0040CE3E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetStdHandle.KERNEL32(000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE45
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetModuleHandleA.KERNEL32(00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE57
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?), ref: 0040CEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,004D1D2A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?), ref: 0040CEE2
                                                                                                                                                                                                      • Part of subcall function 0040CE00: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040CFB6
                                                                                                                                                                                                      • Part of subcall function 0040CE00: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040CFE4
                                                                                                                                                                                                      • Part of subcall function 0040CE00: DeregisterEventSource.ADVAPI32(00000000), ref: 0040CFEA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EventHandle$FileModuleSourceWrite$CommandDeregisterLineRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$Invalid component configuration: RT component not defined$JR_Loader$Unable to find loader entry$Unable to query command line$pJ
                                                                                                                                                                                                    • API String ID: 3479869688-620051120
                                                                                                                                                                                                    • Opcode ID: 59391a7bdf88ebc86d08e085159118452b8caad425d78871d06dd82718e2c438
                                                                                                                                                                                                    • Instruction ID: 0984621fd36ec901b5d1f05988455f622831ccda366a83b2d9ca55f23a15fba0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59391a7bdf88ebc86d08e085159118452b8caad425d78871d06dd82718e2c438
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D91A3B1605305AFD724AF65DC41B1B7BD9EB85308F00883EF544AB3A2D77D98098B9E

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • DisableThreadLibraryCalls.KERNEL32(?), ref: 02396154
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(005CC940,?,?,?), ref: 0239627B
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,025C2038,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,024DC1D0,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,jetrt,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,024DC1D0,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,jre,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll), ref: 023963F2
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 02396410
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Library$AddressCallsDisableHandleLoadModuleProcThread
                                                                                                                                                                                                    • String ID: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$Invalid component configuration: JET profile name is not defined$Invalid component configuration: RT component not defined$JR_Loader$Unable to find loader entry$handler_catchgetPathMatcherPROT_LEVEL_NOT_SUPPORTED_BY_SECURITY_bipushgetEntry0(Ljava/lang/Class;)Vfield_attr_indexeseventCountgetProbetryPopulationCodingreadAttributesinquireSecContextLAST_RESERVEDgetMechTypesnewDirectoryStreamappendVmSynonymMessagegetFileCLA$jetrt$jre$profile
                                                                                                                                                                                                    • API String ID: 2098093564-3117731582
                                                                                                                                                                                                    • Opcode ID: 8bee88a9395920d87f7b7272988c33f04ff4b271a852a9b60d66c7911fb0aa75
                                                                                                                                                                                                    • Instruction ID: bb4e14f3cc06d994fddde0e68cc749229e04a6de8c56d588a691c0493d5c094f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8bee88a9395920d87f7b7272988c33f04ff4b271a852a9b60d66c7911fb0aa75
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 537105B1A45200ABCF356B6CA891B6F7B9EEB47314F100A1EF4999B394DB32D810CF55

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 151 410110-410225 152 41022b-410235 GetModuleHandleA 151->152 153 41041c-410427 GetProcAddress 151->153 154 410400-41040b GetProcAddress 152->154 155 41023b-410242 152->155 156 410436-410442 153->156 157 410429-410435 call 40ce00 153->157 154->156 158 41040d-41041a call 40ce00 154->158 159 410244-41024b 155->159 160 41025f-41026d 155->160 172 410481 156->172 173 410444-41047f call 485ada call 485b1c 156->173 157->156 158->156 163 410251-41025a call 40e180 159->163 164 4103e5-4103f5 LoadLibraryA 159->164 166 41027c-410290 call 410560 160->166 167 41026f-41027b call 40ce00 160->167 163->164 164->154 174 4103f7-4103fb call 40e180 164->174 182 410292 call 40ebd0 166->182 183 410297-410315 call 40c760 * 3 FindFirstFileA 166->183 167->166 176 410483-41048f 172->176 173->176 174->154 182->183 194 410317-41032b FindClose 183->194 195 41032d-41033c call 40e0f0 183->195 196 410343-4103d3 call 40c760 * 6 FindFirstFileA 194->196 195->196 211 4103d5-4103db FindClose 196->211 212 4103dd-4103e0 call 40e060 196->212 211->164 212->164
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(005CA9A0), ref: 0041022C
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CA9A0), ref: 00410306
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CA9A0), ref: 0041031F
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,005A1058,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CA9A0), ref: 004103CB
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,005A1058,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CA9A0), ref: 004103D6
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005A1058,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,005A1058,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,?,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CA9A0), ref: 004103EC
                                                                                                                                                                                                      • Part of subcall function 0040E180: GetModuleFileNameA.KERNEL32(?,?,00000104,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,0040F867,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,00000000,005CA9A0,00000000,00000000,00000000), ref: 0040E1A8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,JR_Loader), ref: 00410402
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,JR_Loader), ref: 0041041E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$File$AddressCloseFirstModuleProc$HandleLibraryLoadName
                                                                                                                                                                                                    • String ID: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$Invalid component configuration: JET profile name is not defined$Invalid component configuration: RT component not defined$JR_Loader$Unable to find loader entry$jetrt$jre$pJ$profile
                                                                                                                                                                                                    • API String ID: 1448026474-562432166
                                                                                                                                                                                                    • Opcode ID: a5a4a3c677c7fc63bfe10e64063af17ee2597ac9f47741516ee1e4e3723f45d7
                                                                                                                                                                                                    • Instruction ID: aaa8f8951dffdb0eaae7a2d27d8482b59bbedea4e33cda0930e779cf4de564f7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a5a4a3c677c7fc63bfe10e64063af17ee2597ac9f47741516ee1e4e3723f45d7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E681A4B02053049BD764BB69DC95B9B7B99EB85304F004A3FF508973A2DB7D98408B5D

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 573 40d7f0-40d808 574 40d811-40d817 573->574 575 40d819-40d81b 574->575 576 40d80c 574->576 577 40d81d-40d822 575->577 578 40d80e 575->578 576->578 579 40d824 577->579 580 40d826-40d82d 577->580 578->574 579->580 581 40d835-40d83b 580->581 582 40d830 581->582 583 40d83d-40d83f 581->583 584 40d832 582->584 583->584 585 40d841-40d84a 583->585 584->581 586 40d850-40d87b FindFirstFileA 585->586 587 40d84c 585->587 588 40d881-40d8cb 586->588 589 40da1a 586->589 587->586 590 40d8d0-40d8d8 588->590 591 40da1f-40da2d 589->591 592 40d8ea-40d8f2 590->592 593 40d8f4-40d8fc 592->593 594 40d8dc-40d8de 592->594 595 40d90e-40d916 593->595 596 40d8e4-40d8e7 594->596 597 40d9ef-40d9fe FindNextFileA 594->597 598 40d900-40d902 595->598 599 40d918-40d91a 595->599 596->592 597->590 600 40da04-40da18 FindClose 597->600 598->597 601 40d908-40d90b 598->601 602 40d91f-40d924 599->602 600->591 601->595 603 40d926-40d93e GetProcessHeap HeapAlloc 602->603 604 40d91c 602->604 605 40d940-40d949 call 40ce00 603->605 606 40d94a-40d953 603->606 604->602 605->606 608 40d95b-40d95f 606->608 610 40d961-40d96c 608->610 611 40d958 608->611 612 40d976-40d98a 610->612 611->608 613 40d970-40d973 612->613 614 40d98c-40d98e 612->614 613->612 615 40d993-40d997 614->615 616 40d990 615->616 617 40d999-40d9a1 615->617 616->615 618 40d9aa-40d9b4 617->618 619 40d9a4-40d9a7 618->619 620 40d9b6-40d9bb 618->620 619->618 621 40d9d7-40d9ea 620->621 622 40d9bd-40d9d4 call 40d5c0 620->622 621->597 622->621
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,00000000,?,?,00000000,0040F61C,00000000,?,00000000,0000003F,00000000,00000000,-00000001,?,?), ref: 0040D86F
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,00000000,?,?,00000000,0040F61C,00000000,?,00000000,0000003F,00000000,00000000,-00000001,?,?), ref: 0040D926
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,00000000,0040F61C,00000000,?,00000000,0000003F,00000000,00000000), ref: 0040D933
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$AllocFileFindFirstProcess
                                                                                                                                                                                                    • String ID: /$Not enough memory for initialization.
                                                                                                                                                                                                    • API String ID: 2094127529-4154841184
                                                                                                                                                                                                    • Opcode ID: fadf179a82de9486c9f9abd689a38fbc303e7489d7e651d0168536372622b429
                                                                                                                                                                                                    • Instruction ID: a783b207e15a32b521faba2e8c998cc0fca15f0fe0fdd5da1269fb60f2d06957
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fadf179a82de9486c9f9abd689a38fbc303e7489d7e651d0168536372622b429
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C561E9B1A093809FC3159F68C85076BBBE1BF99304F08893EE9D997391E7399D09C746
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: :$:$@'H$@2H$p!H$:H
                                                                                                                                                                                                    • API String ID: 0-1320228150
                                                                                                                                                                                                    • Opcode ID: 45b81a7e870abbabf4653739b4887ee3ff118b07458c64a3aafd16e9a859d27d
                                                                                                                                                                                                    • Instruction ID: 9351cecebb38f535626b3b76f8d02db4456b693f75be89cfdbd84a97b457ba77
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45b81a7e870abbabf4653739b4887ee3ff118b07458c64a3aafd16e9a859d27d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 00039930909301CFC725AF04D58826EBBB0FFC0705F918D6EE5A612266E775D9A4CF8A
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 02396891
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                                    • String ID: JR_Loader
                                                                                                                                                                                                    • API String ID: 1974802433-1712760369
                                                                                                                                                                                                    • Opcode ID: 3fe95a922c17eeadaeee812c1e9031ddc982873201ce958d3527506aeea1579e
                                                                                                                                                                                                    • Instruction ID: e2ce120c7a0b9c61becf19489fe9e5edc7286c45e0f0f39af2d048e00314473b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fe95a922c17eeadaeee812c1e9031ddc982873201ce958d3527506aeea1579e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08518BB150E3819FDF25CF28C8417AABBE9AB97314F08491DE4C987382E3729945CF12
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(004B6124,?), ref: 0040F51B
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,004B6124,?), ref: 0040F526
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                    • String ID: bin
                                                                                                                                                                                                    • API String ID: 2295610775-2854705901
                                                                                                                                                                                                    • Opcode ID: 64a27ea39401eac55ffa60b010cfb34e66b89412bf0fe5680f2af5fd6745421e
                                                                                                                                                                                                    • Instruction ID: fafc77d9cd25da29f882acacd1df34d99d287dff760091599fd8ce4210895b9b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64a27ea39401eac55ffa60b010cfb34e66b89412bf0fe5680f2af5fd6745421e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82213AA2B496801BD725463C8C203772A826BF7310F1D427BD9D59BBDBF67D480E831A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                    • API String ID: 0-336475711
                                                                                                                                                                                                    • Opcode ID: d40d522038ff0403d7e8ccf6cde33686834428e76ffdaf3e66bd887c40b58d9f
                                                                                                                                                                                                    • Instruction ID: a2ab8fdd4ca669aa4264f0bf7bbf7c33824a5380ea05c35660058a6aa8bb5a14
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d40d522038ff0403d7e8ccf6cde33686834428e76ffdaf3e66bd887c40b58d9f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E431F70909381CFC735CF04D4886DABBE1FB88304FA5896ED99E47255D735A8A1CF8A
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 071B1760
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?), ref: 071B176B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                                    • Opcode ID: 577c0ef308b991fb1055d3e51597efc70ca2f917e80a5b31c21209c0c4fd1b82
                                                                                                                                                                                                    • Instruction ID: 4179ae17165b47470d99fb346641f3e93fc94eb280544252bf084e8e0617c2cd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 577c0ef308b991fb1055d3e51597efc70ca2f917e80a5b31c21209c0c4fd1b82
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52E0C2F271C504A2EA1C513CED287AF63994BD4320F410B3EB6AAC22F4DF308C649153
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: @?H$P>H
                                                                                                                                                                                                    • API String ID: 0-1055312113
                                                                                                                                                                                                    • Opcode ID: 2266940505d6410a100183cdb206e659aadaa1ed97898d6f7e6e379cd31155e1
                                                                                                                                                                                                    • Instruction ID: 6868dc3069dcbc9a09a14e776f70bad89efde92eefd306fec576712535bcd36c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2266940505d6410a100183cdb206e659aadaa1ed97898d6f7e6e379cd31155e1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4617F709087069FC314DF19C880A1BF7E1BBD5319F18CA6EE9A807792C734E995CB96
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                    • API String ID: 0-3110715001
                                                                                                                                                                                                    • Opcode ID: 175ea3228d94d678438fcce12b1cccb7a487160d2ea70b278389e3576e4773ca
                                                                                                                                                                                                    • Instruction ID: 7015f9a184d5ad9a0dab061ef14c5cea5d0a957a3eb3746bde6619f5c4f43ccc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 175ea3228d94d678438fcce12b1cccb7a487160d2ea70b278389e3576e4773ca
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C172D0715087829FD324DF19C88072BBBE2BF98304F44896EF6950B792D339E855CB96
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ssss
                                                                                                                                                                                                    • API String ID: 0-3278310612
                                                                                                                                                                                                    • Opcode ID: f2c03e5b91d850a5a9988c3ace630671c91e7ad2bbb1d61746ecb60ab512cb3f
                                                                                                                                                                                                    • Instruction ID: 0fe00301e07d0b4214974738fd78209243ffa21fb620d52a2cdc0d77ff7e9b27
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2c03e5b91d850a5a9988c3ace630671c91e7ad2bbb1d61746ecb60ab512cb3f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C726870204740DFD720EF25D989B6ABBE1FF48304F50896EE9998B362C779A841CF59
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: ssss
                                                                                                                                                                                                    • API String ID: 0-3278310612
                                                                                                                                                                                                    • Opcode ID: 5a6422619cb5c73046118cc793fd5b86d7dfac422b2c7f30f6ae61d86435f20e
                                                                                                                                                                                                    • Instruction ID: 4bf390d9b2405ec81cb9e44061123086493682172d8ee236f89c51e5a7b11e66
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a6422619cb5c73046118cc793fd5b86d7dfac422b2c7f30f6ae61d86435f20e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15424070204341AFE714AF51CD86FAEBBA9FB48704F10496EFA055B2A2D775AC40CF99
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: g
                                                                                                                                                                                                    • API String ID: 0-30677878
                                                                                                                                                                                                    • Opcode ID: 1dc18b5e4ab50e475101d8bbe91887f7dd6b219381ad345e54cba70666382845
                                                                                                                                                                                                    • Instruction ID: ef584e2f7691725a0ee544d88110f8bd66c4162e8b647e39425fdc67a3e7ea57
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dc18b5e4ab50e475101d8bbe91887f7dd6b219381ad345e54cba70666382845
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2326D74204241DFD704DF14C889BAABBB1FF58318F1485AEF9494B7A2C779AC81CBA5
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                    • API String ID: 0-336475711
                                                                                                                                                                                                    • Opcode ID: b8fb05a201f490e2d120e70b0b42cd04ca72116dfec44a790e2a6c5b7ff879b2
                                                                                                                                                                                                    • Instruction ID: cdc5205c5fcce387addfefdeea8bdb679a668b78c06c5bd1c8e246394f57b1d4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8fb05a201f490e2d120e70b0b42cd04ca72116dfec44a790e2a6c5b7ff879b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C022AD30609381CFC7249F14D5886AABBF1FFC5304F518CAEEA89572A1D7399C64DB4A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: PCD
                                                                                                                                                                                                    • API String ID: 0-957902573
                                                                                                                                                                                                    • Opcode ID: 4229bf0bdae3c239d95ae9c924d3587a5130001556f74d6c0bfb8a09454a5064
                                                                                                                                                                                                    • Instruction ID: bbdca816e7b1254e8dfb97e365eb670e1504e614a7e9a32860ae821d636ab69b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4229bf0bdae3c239d95ae9c924d3587a5130001556f74d6c0bfb8a09454a5064
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FC1AC30504702DFE720DF65D884B2ABBE1BB94304F148A6FF9954B791C778E895CB4A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: pZB
                                                                                                                                                                                                    • API String ID: 0-1932928032
                                                                                                                                                                                                    • Opcode ID: f5f816979ba6c8b960ea379902ea4dfcbb12a747b4ffb821a0daae21f13a8de8
                                                                                                                                                                                                    • Instruction ID: 5b0f9a8a1be22150fd965ee6dc8bb378b427a49380bdbe4bfc7ca64e204bfdfe
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5f816979ba6c8b960ea379902ea4dfcbb12a747b4ffb821a0daae21f13a8de8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6311D234700A008FC604EB14D4C9F6AB7E1BB85314F64DAAEE8559B291C778DC81CB1D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: sisiss
                                                                                                                                                                                                    • API String ID: 0-1539587742
                                                                                                                                                                                                    • Opcode ID: eb9a7bc0cd5fb6b5a08da59c30fa166cf5f83ef3d3c0d728df8e6a1c90c7db6d
                                                                                                                                                                                                    • Instruction ID: f4a0d87df1fafdf51d1d45c072fa8d31a4a00e120fb3677840b2c34a170773b3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb9a7bc0cd5fb6b5a08da59c30fa166cf5f83ef3d3c0d728df8e6a1c90c7db6d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F210235488340EFDB15DF14D840BA9FBB6BB49318F148959EA695B291C730EA52CF01
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: sD
                                                                                                                                                                                                    • API String ID: 0-2997825614
                                                                                                                                                                                                    • Opcode ID: d3575a92c8dd86e9ae1e118f9494e73f8b52af40a915d6d0f6cadd6d39fe9ae0
                                                                                                                                                                                                    • Instruction ID: 1f287a2637488894848f172452bb8623f735f2c34dacf1ef9da0852baa162d21
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3575a92c8dd86e9ae1e118f9494e73f8b52af40a915d6d0f6cadd6d39fe9ae0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C6F03C35104501EFC214DF09D98DE9EFBF9FF45325F10416AE8199B251CB31AC52CB65
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: `<D
                                                                                                                                                                                                    • API String ID: 0-3050630724
                                                                                                                                                                                                    • Opcode ID: 0714dc49b417db1aefbf1b475f3db331b4d55eeec954e0938684a8c816e0db8e
                                                                                                                                                                                                    • Instruction ID: 3e604badcba6b17279de65a0fd01c4831baadbd7bdef1ef55ae054e5a13734c1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0714dc49b417db1aefbf1b475f3db331b4d55eeec954e0938684a8c816e0db8e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDF0AF76100500EFD214EF09C98DE9AFBF8EF8A325F10816AF8189B291C732AC51CB65
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: p>D
                                                                                                                                                                                                    • API String ID: 0-2613325750
                                                                                                                                                                                                    • Opcode ID: 828a79d2883a0118225d354477c54c912e45b6aa089ab07b63cd2376ad4f0662
                                                                                                                                                                                                    • Instruction ID: 2609eeefd1e990709dfa654b7e2f5962642dafa49e63fc8049e12fc1942fb6a9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 828a79d2883a0118225d354477c54c912e45b6aa089ab07b63cd2376ad4f0662
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6AE09230400200DFD304DF04C489A59FBB2EB82325F30C66EE8980B381CB319881CB46
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: @;D
                                                                                                                                                                                                    • API String ID: 0-3268951651
                                                                                                                                                                                                    • Opcode ID: d6924e6b8d40bc1f33e0b36e6d55b46d6ffc43667b21a21073dfc3f21a5295a9
                                                                                                                                                                                                    • Instruction ID: f8e9ce3071ab85a92a55c660c9519c680f2abd63cb87cd2e39d28d001dd0149c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6924e6b8d40bc1f33e0b36e6d55b46d6ffc43667b21a21073dfc3f21a5295a9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96E086309044009FD214EF2CC589B69F7F1EB42328F208369E8789B6C2DB35AD91CA5F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0b8b2268a289ee94b5935109f9c51c709a6d8acb0b224f6f2c2b87c4f435b364
                                                                                                                                                                                                    • Instruction ID: 8e32da67303065fc3cfc298869b9884d2cf191c4005057c625f1e4188e4c178a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b8b2268a289ee94b5935109f9c51c709a6d8acb0b224f6f2c2b87c4f435b364
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5242CE71684300EFE760DF14C844B2BB7EAFB85308F05896DEA695B6D1C7B19846CF92
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 161e43fd9ad6b3c89389a3b97b2a0cf922458c94fc8a297b3704f1e329e74775
                                                                                                                                                                                                    • Instruction ID: 356c6df61ff6110244910230041ba4bc645972e7d649b2830dc41903f91fe213
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 161e43fd9ad6b3c89389a3b97b2a0cf922458c94fc8a297b3704f1e329e74775
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6042E1341047469FC320EF24C980B6ABBE1FF95308F08892EE9944B352E779ED45CB5A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: a787c3f0a6e4740ce9926b05da1dc5605c5cab8db3098ba9be1622d5acb91fcb
                                                                                                                                                                                                    • Instruction ID: 397eed06982e9a514f4318e774baa14ccfc866dbc03ac5ef332616e305fba626
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a787c3f0a6e4740ce9926b05da1dc5605c5cab8db3098ba9be1622d5acb91fcb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4321C2345087419FC720AB28C881A6AFBB4FF59324F145B5EE9E547781CB34A850CB6A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 452c69cd09f10d2129f577583d335543798c125a8d5cd8b225e8034ded4d1af8
                                                                                                                                                                                                    • Instruction ID: 5242f931033ffefcf374fc391326e4c929a03f3b90308858551888356572d49e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 452c69cd09f10d2129f577583d335543798c125a8d5cd8b225e8034ded4d1af8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB217F31588A44AFDA106B28CC01E6FBBB6FFC2764F054659F9A6172D0C7719810DB96
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b32c239a01697a1edb83a02d7b02a129a9e7870f7683374e7e06e2058d4aa97c
                                                                                                                                                                                                    • Instruction ID: 8fac652e0851ad5456183b950adf4691cac9d2b27bc5748509ddf4a421859fea
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b32c239a01697a1edb83a02d7b02a129a9e7870f7683374e7e06e2058d4aa97c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86115E71540604BFDB20AF61CC48E6BFBBDFF49350F044859F66A92911C732A851CB65
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 0d7c0826bde85f2d60c4ae1bc9251a76a5e53a88270c6e2d8b124efff1d2f700
                                                                                                                                                                                                    • Instruction ID: 25c980f5e42d086a24409decca5e9c3c9c5e7c97e8d1874bffcad90ee47f3f12
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d7c0826bde85f2d60c4ae1bc9251a76a5e53a88270c6e2d8b124efff1d2f700
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F1121F1644105EFEB26EF60E400C74BBE0FB96250B1A985DE285932A2C7369C56CB02
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 089903060e96aa155adc842f81608f043e5fa326abda9197efacf465c02992a8
                                                                                                                                                                                                    • Instruction ID: fc3a97878515efaaf64c581136df571a011c2ddb600e655d6bd0186f3104e6bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 089903060e96aa155adc842f81608f043e5fa326abda9197efacf465c02992a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1121CA786047029FD708CF28C484A5AF7F1BB88314F148A6AE96987751D731E8A5CB95
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637636029.000000000257D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.0000000002589000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.000000000259F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2d5b6393d265b641aa81b19f2b603878a908cbcfd4dbeca8ea4f1e2b2c8751f2
                                                                                                                                                                                                    • Instruction ID: 7d0a8a13a048a1559dae32f697dee4c5a5756df36eaf1f055745e6d0cae41561
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d5b6393d265b641aa81b19f2b603878a908cbcfd4dbeca8ea4f1e2b2c8751f2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8011B2B2644200AFD754DF24C985A6AF7A5FB85324F24835EEA6987380DB31D811CBA1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 6ce3cca36f91e7f68aec77092fda71eb5a7a1fe97641839cff0f09b9b8e7abfd
                                                                                                                                                                                                    • Instruction ID: 4e11ac10a2c2493013ea8b10f7b26bcdef526bc21625024c4175cf8795f5a9fd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ce3cca36f91e7f68aec77092fda71eb5a7a1fe97641839cff0f09b9b8e7abfd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 920108739483255BD3105A1CCC41A7AB7E99FDA660F05863EF9A893381C934D950C7B5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 79396828595da749d45ec89fa26831c219d1947b692f6a72dcccff83e3d2b348
                                                                                                                                                                                                    • Instruction ID: ed0bafcd18a100eab4f531e330ebc658c2ba3f3c6849c71f8b5af4938116857e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79396828595da749d45ec89fa26831c219d1947b692f6a72dcccff83e3d2b348
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A011E5304487C39FC722AF28C840B6AFFB0AF86230F14465AE9F543650DB305456CB92
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 52c202dac35461088f19c24dcd23599f107258c3568747fce57a456102473c18
                                                                                                                                                                                                    • Instruction ID: 606da069ab8676b47aea316c54ba1780a6a94d4185e73bff4447da36423e976b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52c202dac35461088f19c24dcd23599f107258c3568747fce57a456102473c18
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9F0A971200502AFC324DF29C88DF6AF7F8FF89301F14016EF9509B290CB61A851CB25
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b0916aff7db0568d21d261ac175014da2a664dd0e65a55612b5fd47eb0cb27ef
                                                                                                                                                                                                    • Instruction ID: 898c86f7b219b1e0ba21cff6dfe14efeff6a5710919f09458398e6d4bf2a019b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0916aff7db0568d21d261ac175014da2a664dd0e65a55612b5fd47eb0cb27ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F0B430710302DFEF249E90CEC9B3AF36AAB45318F188168D96E4B1D6DB61DC64CA21
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2b5dfdd73fc0e0c20f21060b43e1885f89e55f72d64776af2cdbe1156ef65af2
                                                                                                                                                                                                    • Instruction ID: 31ed71f765901f9ed8dad471782944f4fc0e8a7bc2b57cf80f9a7dbf842b2c02
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b5dfdd73fc0e0c20f21060b43e1885f89e55f72d64776af2cdbe1156ef65af2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97F09670549B03AFE3049F24C81572AF7B0BF49310F108B18D89956EC4CB71D0A4CB86
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 032899921d6d1f030a2f8f9d32288823d74f3e5165c7422019a25b815608fb19
                                                                                                                                                                                                    • Instruction ID: 0d704c980e0ed503e80e8b0e1aaf3df7fa045790d284421f263cb923fbe7f335
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 032899921d6d1f030a2f8f9d32288823d74f3e5165c7422019a25b815608fb19
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 87E0D8356C46006EEA20EF609D02F2AF773BB41B10F109A55D479177C2CAB0DC91CD15
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 41b94156e559e9d31d8ddf88e260bab931ddeb789f18b14328ae01b848cda0cb
                                                                                                                                                                                                    • Instruction ID: 86a188b81ba84a9425b93d79a8a00a37e7cc5bc0806f632771276791a5ca4f4c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41b94156e559e9d31d8ddf88e260bab931ddeb789f18b14328ae01b848cda0cb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DED017709D5601AEBE14EB688C02C3EF266BB92720F015A55A4B76255087608820CA1A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: df183c73509ab6b219909db85da878df3d715ba48a9c0aa666d5408953a30d8d
                                                                                                                                                                                                    • Instruction ID: dfe21c7a973fbd6f2643ff5f411c09eba1c07293fe7689729cabee57b0066152
                                                                                                                                                                                                    • Opcode Fuzzy Hash: df183c73509ab6b219909db85da878df3d715ba48a9c0aa666d5408953a30d8d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2D0A774540400AEE514EB64C80AF3EF3B5AB11310F009259A569E71C0CB704811CB16
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 1a197028e447122f38d1ae559ca1c8b2e39a59ea8b7d159895ef6f61fde05408
                                                                                                                                                                                                    • Instruction ID: ccfee6a9e7845f8cb336217fa835b8c30379c820646366b14b82316b60fa510f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a197028e447122f38d1ae559ca1c8b2e39a59ea8b7d159895ef6f61fde05408
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1D067749497009F8704DF18C584816FBF1AB89360F15DA5EA8AA573A1C734D850DE19
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b266ff9546c142364a2e78132bb7b46cd658b69269ba6b3d5b70828d910d9a72
                                                                                                                                                                                                    • Instruction ID: 5e1cbe739e8e369ca5c6c11b3ea624be6b56e13529fd756b36040fa71a6e73be
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b266ff9546c142364a2e78132bb7b46cd658b69269ba6b3d5b70828d910d9a72
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FC012B1AD47407EAE00EF249D00C3AE26BAB92300F012C69B06B331208B31C8208A19
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 387660c7b844b181340580924c8d9088188e4b971f4c15bafd12423524f94e8c
                                                                                                                                                                                                    • Instruction ID: ca19f14242b02673c000f1941aee64a7364afea9d4755b5cbde3392c8741f674
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 387660c7b844b181340580924c8d9088188e4b971f4c15bafd12423524f94e8c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7C012358066045A9240BF24D145829F7F0AB42224F10E70EAC95132918A24D450C609
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b0f44980c364ef8ab6f3f764d9d8a5b1ea8f79f7f81b729f8769755cae661163
                                                                                                                                                                                                    • Instruction ID: 94400e9243683bc33c89b8c214603524cea599c7aaca585e21d42fa70d098eab
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0f44980c364ef8ab6f3f764d9d8a5b1ea8f79f7f81b729f8769755cae661163
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37C08C344406004AC240BF108949FBFE2F09F92B04F00A86E6145671438A788481A25E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 94ab88a88b6de687f71a2d614d13860ab7ec9ab73f75f2a6d1e88c5a16dfd76e
                                                                                                                                                                                                    • Instruction ID: d2824cb849cc635958b66dd51d0481a6dd1684ebcb8b2d62901e451f907eecbb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94ab88a88b6de687f71a2d614d13860ab7ec9ab73f75f2a6d1e88c5a16dfd76e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5C08C35A0060407C000FA3A9646C6DB3F08B83320F00BA36A904A32468934D800C22E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2635963013.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636109777.0000000000489000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636193890.00000000004A0000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636242578.00000000004BD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636242578.0000000000528000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636369198.0000000000588000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2636392575.0000000000593000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9a0cb08b8bc871d86613cdda2feb689a8f57f2de22de96adbdf4c42ccdd08976
                                                                                                                                                                                                    • Instruction ID: e326bab223ed8eacb73ef5177e265b9e346f648bec3d3ee9f7b3010d49bb8959
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a0cb08b8bc871d86613cdda2feb689a8f57f2de22de96adbdf4c42ccdd08976
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5B09269C00400468100BF2C8241C3AF2F09B97720F01A7156C74A72E59A20CC90D62E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637010218.00000000021E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637267970.000000000239A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637305426.00000000023F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637336335.0000000002410000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637354861.0000000002411000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637373730.0000000002415000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637451966.00000000024A2000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637475338.00000000024AD000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637494483.00000000024AF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637519322.00000000024B4000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637538783.00000000024B9000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637557871.00000000024C8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637576992.00000000024DB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637636029.000000000257D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.0000000002589000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.000000000259F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 5fd69456251c9029bb04760eca657ffc9353ee2fb67ae4466f0bd4a8644717c5
                                                                                                                                                                                                    • Instruction ID: 76e1621a7639e9be86e1d63d22cf02ac926b1e1b7e04e773d1687d44b80c1feb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5fd69456251c9029bb04760eca657ffc9353ee2fb67ae4466f0bd4a8644717c5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37B01270E401005F8A04DF24C284C27F3F05B53700F05F405E00C73200C630DC00C90C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637010218.00000000021E0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637267970.000000000239A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637305426.00000000023F0000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637336335.0000000002410000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637354861.0000000002411000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637373730.0000000002415000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637397487.000000000241A000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637451966.00000000024A2000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637475338.00000000024AD000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637494483.00000000024AF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637519322.00000000024B4000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637538783.00000000024B9000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637557871.00000000024C8000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637576992.00000000024DB000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637636029.000000000257D000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.0000000002589000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000004.00000002.2637661304.000000000259F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 4879600849769bc79f27e3587742d9020efabada795fbfda365d529b664a3ee4
                                                                                                                                                                                                    • Instruction ID: f34c2c29f345c74226323af25c1b2235e9f67908c53c7a85012f48cbf63686d7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4879600849769bc79f27e3587742d9020efabada795fbfda365d529b664a3ee4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06B01132EC08002A0800FE2C8A00C33F2300323330F2233228028B32C88A30C8A0883E

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    control_flow_graph 253 71b1790-71b17a3 254 71b17a9-71b17df wvsprintfA GetStdHandle 253->254 255 71b197f-71b1990 ExitProcess 253->255 256 71b187c-71b189a GetModuleHandleA 254->256 257 71b17e5-71b17f0 GetModuleHandleA 254->257 260 71b189c-71b18aa GetModuleFileNameA 256->260 261 71b18e7-71b18f3 256->261 258 71b1828-71b1838 257->258 259 71b17f2-71b17f9 257->259 267 71b183f-71b1847 258->267 262 71b17fb-71b1807 call 71b1790 259->262 263 71b1808-71b1812 259->263 264 71b18ac-71b18b1 260->264 265 71b18b3-71b18bf 260->265 266 71b18f8-71b1904 261->266 262->263 271 71b1821-71b1826 263->271 272 71b1814-71b1820 call 71b1790 263->272 264->265 269 71b1919-71b1922 MessageBoxA 264->269 270 71b18c4-71b18d0 265->270 266->269 273 71b1906-71b1913 266->273 274 71b1849-71b185c WriteFile 267->274 275 71b183c 267->275 281 71b1927-71b192e 269->281 270->269 278 71b18d2-71b18df 270->278 271->256 271->258 272->271 273->266 280 71b1915 273->280 276 71b1863-71b186a 274->276 275->267 283 71b186c-71b1877 WriteFile 276->283 284 71b1860 276->284 278->270 285 71b18e1-71b18e5 278->285 280->269 281->255 282 71b1930-71b1937 281->282 287 71b1939-71b193e call 71b1d50 282->287 288 71b1943-71b194f RegisterEventSourceA 282->288 283->281 284->276 285->269 287->288 288->255 290 71b1951-71b197a ReportEventA DeregisterEventSource 288->290 290->255
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfA.USER32(?,?,?), ref: 071B17CE
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17D5
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17E7
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8), ref: 071B184F
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,07471102,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,?,?), ref: 071B1872
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B1893
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B18A3
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,?,00012010), ref: 071B1922
                                                                                                                                                                                                    • RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 071B1946
                                                                                                                                                                                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 071B1974
                                                                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 071B197A
                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000001,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B1981
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EventFileHandleModule$SourceWrite$DeregisterExitMessageNameProcessRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: Invalid DOS signature$Invalid PE signature$MZ
                                                                                                                                                                                                    • API String ID: 384906841-3164051366
                                                                                                                                                                                                    • Opcode ID: c4cdea6308507d740ac5d34348db42be3772286fab2b7858fd23fc2d798199bb
                                                                                                                                                                                                    • Instruction ID: ce7fe328a1cf8cb541048290b72e729d1e982a89827f894a022605c0d3ac3fd0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4cdea6308507d740ac5d34348db42be3772286fab2b7858fd23fc2d798199bb
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 655166F1704349BBF336AA34DC65BEB7789AF96750F06452DF6448B2C1EBB088448263

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 214 2394300-2394313 215 2394319-239434f wvsprintfA GetStdHandle 214->215 216 23944ef-2394500 ExitProcess 214->216 217 23943ec-239440a GetModuleHandleA 215->217 218 2394355-2394360 GetModuleHandleA 215->218 221 239440c-239441a GetModuleFileNameA 217->221 222 2394457-2394463 217->222 219 2394398-23943a8 218->219 220 2394362-2394369 218->220 224 23943af-23943b7 219->224 225 2394378-2394382 220->225 226 239436b-2394377 call 2394300 220->226 227 239441c-2394421 221->227 228 2394423-239442f 221->228 223 2394468-2394474 222->223 229 2394489-2394492 MessageBoxA 223->229 230 2394476-2394483 223->230 231 23943b9-23943cc WriteFile 224->231 232 23943ac 224->232 235 2394391-2394396 225->235 236 2394384-2394390 call 2394300 225->236 226->225 227->228 227->229 234 2394434-2394440 228->234 238 2394497-239449e 229->238 230->223 237 2394485 230->237 239 23943d3-23943da 231->239 232->224 234->229 241 2394442-239444f 234->241 235->217 235->219 236->235 237->229 238->216 244 23944a0-23944a7 238->244 245 23943dc-23943e7 WriteFile 239->245 246 23943d0 239->246 241->234 247 2394451-2394455 241->247 248 23944a9-23944ae call 23948c0 244->248 249 23944b3-23944bf RegisterEventSourceA 244->249 245->238 246->239 247->229 248->249 249->216 251 23944c1-23944ea ReportEventA DeregisterEventSource 249->251 251->216
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • wvsprintfA.USER32(?,?,?), ref: 0239433E
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394345
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394357
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68), ref: 023943BF
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,024DBC7A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,?,?), ref: 023943E2
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394403
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394413
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,?,00012010), ref: 02394492
                                                                                                                                                                                                    • RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 023944B6
                                                                                                                                                                                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 023944E4
                                                                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 023944EA
                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000001,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 023944F1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EventFileHandleModule$SourceWrite$DeregisterExitMessageNameProcessRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: Invalid DOS signature$Invalid PE signature$MZ
                                                                                                                                                                                                    • API String ID: 384906841-3164051366
                                                                                                                                                                                                    • Opcode ID: fd9b624a4f805817fb53bd5acd52a671578de4128ccc5ff5d9211ac79095783b
                                                                                                                                                                                                    • Instruction ID: cdf62644077499af4a4b2c05f8c1e5f9b1bfa4533156d21d1b5b85f95c46f04d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fd9b624a4f805817fb53bd5acd52a671578de4128ccc5ff5d9211ac79095783b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 105119B17043446BEF34AA34DC90BBB7699AB83718F14491DF7849B2C1EBB1D8468B61

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 292 40dad0-40dae0 GetCommandLineA 293 40dae2-40daee call 40ce00 292->293 294 40daef-40db21 GetProcessHeap HeapAlloc 292->294 293->294 295 40db30-40db47 294->295 296 40db23-40db2f call 40ce00 294->296 299 40dc5f-40dc66 295->299 296->295 302 40dc68-40dc6b 299->302 303 40dc5c 299->303 302->303 304 40dc6d-40dc6f 302->304 303->299 305 40dc75-40dc92 GetProcessHeap HeapAlloc 304->305 306 40db78-40db9d call 40da30 GetProcessHeap HeapAlloc 304->306 308 40dc94-40dc9d call 40ce00 305->308 309 40dc9e-40dca0 305->309 317 40dba9-40dbbb call 40da30 306->317 318 40db9f-40dba8 call 40ce00 306->318 308->309 310 40dcf0-40dd1e call 40d560 309->310 311 40dca2-40dcaa 309->311 314 40dcc0-40dcc2 311->314 315 40dcac-40dcb7 311->315 322 40dcc4-40dcee 314->322 315->310 321 40dcb9-40dcbe 315->321 327 40dc01-40dc0b 317->327 328 40dbbd-40dbc1 317->328 318->317 321->322 322->310 322->322 329 40dc42-40dc58 327->329 330 40dc0d-40dc32 GetProcessHeap HeapReAlloc 327->330 331 40dbc7-40dbcc 328->331 329->299 332 40dc34-40dc3d call 40ce00 330->332 333 40dc3e 330->333 334 40dbd7-40dbd9 331->334 335 40dbce-40dbd1 331->335 332->333 333->329 339 40dbdf-40dbe4 334->339 337 40dbd3-40dbd5 335->337 338 40dbc4 335->338 337->334 341 40dbef-40dbfb call 40d7f0 337->341 338->331 339->327 342 40dbe6-40dbe9 339->342 341->327 347 40db4c-40db4e 341->347 343 40dbeb-40dbed 342->343 344 40dbdc 342->344 343->327 343->341 344->339 347->299 348 40db54-40db64 GetProcessHeap HeapFree 347->348 348->299 349 40db6a-40db73 call 40ce00 348->349 349->299
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 0040DAD7
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 0040DB0E
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,00000040), ref: 0040DB18
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000040), ref: 0040DB54
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,00000000,00000000), ref: 0040DB5D
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000040), ref: 0040DC79
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000040), ref: 0040DC89
                                                                                                                                                                                                      • Part of subcall function 0040CE00: wvsprintfA.USER32(?,00000010,?), ref: 0040CE3E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetStdHandle.KERNEL32(000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE45
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetModuleHandleA.KERNEL32(00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE57
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?), ref: 0040CEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,004D1D2A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?), ref: 0040CEE2
                                                                                                                                                                                                      • Part of subcall function 0040CE00: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040CFB6
                                                                                                                                                                                                      • Part of subcall function 0040CE00: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040CFE4
                                                                                                                                                                                                      • Part of subcall function 0040CE00: DeregisterEventSource.ADVAPI32(00000000), ref: 0040CFEA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$EventProcess$AllocFileHandleSourceWrite$CommandDeregisterFreeLineModuleRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: FATAL ERROR: Memory deallocation failed.$Not enough memory for initialization.$Unable to query command line
                                                                                                                                                                                                    • API String ID: 1497329084-1432022537
                                                                                                                                                                                                    • Opcode ID: 143525645fdd7f03898757b9460e45e74e09eedc14520ff5d653e467bab03f08
                                                                                                                                                                                                    • Instruction ID: 541c4bd7622424f75a6e90d7e325514e9413fd0d68570b43da93401dcb4272f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 143525645fdd7f03898757b9460e45e74e09eedc14520ff5d653e467bab03f08
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E51D071908301ABD720AF94C811B2BB7A5AF80744F11483EF941BB392DB79EC49C7DA

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 352 23965a0-23965be GetEnvironmentVariableA 353 23966f2 352->353 354 23965c4-23965d6 GetProcessHeap HeapAlloc 352->354 357 23966f4-2396700 353->357 355 23965d8-23965e4 call 2394300 354->355 356 23965e5-23965ef GetEnvironmentVariableA 354->356 355->356 359 23966cf-23966d1 356->359 360 23965f5-23965f7 356->360 359->353 361 23966d3-23966e3 GetProcessHeap HeapFree 359->361 360->359 363 23965fd-23965ff 360->363 361->353 364 23966e5-23966f1 call 2394300 361->364 363->353 365 2396605-2396655 call 2394880 call 2396710 GetProcessHeap HeapFree 363->365 364->353 372 2396664-2396666 365->372 373 2396657-2396663 call 2394300 365->373 372->353 375 239666c-239667a 372->375 373->372 377 2396681-2396687 375->377 378 2396689-239668b 377->378 379 239667c 377->379 380 239667e 378->380 381 239668d-239668f 378->381 379->380 380->377 382 2396691-2396694 381->382 383 2396696 381->383 384 239669a-23966a1 382->384 383->384 385 23966a9-23966af 384->385 386 23966b1-23966b3 385->386 387 23966a4 385->387 388 23966a6 386->388 389 23966b5-23966b7 386->389 387->388 388->385 390 23966b9-23966bc 389->390 391 23966be 389->391 392 23966c2-23966cd 390->392 391->392 392->357
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(PATH,00000000,00000000,025C2038,00000000,JR_Loader,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,023962E3,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CC940,?,?,?), ref: 023965B5
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(PATH,00000000,00000000,025C2038,00000000,JR_Loader,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,023962E3,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CC940,?,?,?), ref: 023965C4
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,00000000,PATH,00000000,00000000,025C2038,00000000,JR_Loader,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,023962E3,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CC940,?,?,?), ref: 023965CD
                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(PATH,00000000,00000000,00000000,00000000,00000000,PATH,00000000,00000000,025C2038,00000000,JR_Loader,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,023962E3,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,005CC940), ref: 023965E8
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,00000000,?,jet%d%02d.home,?,?,PATH,00000000,00000000,00000000,00000000,00000000,PATH,00000000,00000000), ref: 02396642
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,00000000,?,jet%d%02d.home,?,?,PATH,00000000,00000000,00000000,00000000,00000000), ref: 0239664B
                                                                                                                                                                                                      • Part of subcall function 02394300: wvsprintfA.USER32(?,?,?), ref: 0239433E
                                                                                                                                                                                                      • Part of subcall function 02394300: GetStdHandle.KERNEL32(000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394345
                                                                                                                                                                                                      • Part of subcall function 02394300: GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68,?), ref: 02394357
                                                                                                                                                                                                      • Part of subcall function 02394300: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,?,?,?,?,02394185,Invalid PE signature,?,?,02395D68), ref: 023943BF
                                                                                                                                                                                                      • Part of subcall function 02394300: WriteFile.KERNEL32(00000000,024DBC7A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,?,?), ref: 023943E2
                                                                                                                                                                                                      • Part of subcall function 02394300: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 023944B6
                                                                                                                                                                                                      • Part of subcall function 02394300: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 023944E4
                                                                                                                                                                                                      • Part of subcall function 02394300: DeregisterEventSource.ADVAPI32(00000000), ref: 023944EA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Event$EnvironmentFileHandleProcessSourceVariableWrite$AllocDeregisterFreeModuleRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$FATAL ERROR: Memory deallocation failed.$JR_Loader$Not enough memory for initialization.$PATH$jet%d%02d.home
                                                                                                                                                                                                    • API String ID: 2461539898-4075319760
                                                                                                                                                                                                    • Opcode ID: 6572b59ebd4e1ad53b5140dc7294046de958291962bccbcb257a7e85b489d44f
                                                                                                                                                                                                    • Instruction ID: cd429f37dd0178e342d271333ca9b0c93e9f20b0deeb1de8ba24f3260a0f63db
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6572b59ebd4e1ad53b5140dc7294046de958291962bccbcb257a7e85b489d44f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF315B7170635426EE3135B89D62B7B7B9E8F53754F150229EE808F2D2EF76C8014EA1

Control-flow Graph (first node 40d1b0-40d1c6; legend: Executed / Not Executed)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4), ref: 0040D1BC
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4), ref: 0040D1CE
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,00000000,000000F4), ref: 0040D23B
                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,004D1D2A,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,000000F4), ref: 0040D25E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: wvsprintfA.USER32(?,00000010,?), ref: 0040CE3E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetStdHandle.KERNEL32(000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE45
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetModuleHandleA.KERNEL32(00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE57
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?), ref: 0040CEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,004D1D2A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?), ref: 0040CEE2
                                                                                                                                                                                                      • Part of subcall function 0040CE00: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040CFB6
                                                                                                                                                                                                      • Part of subcall function 0040CE00: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040CFE4
                                                                                                                                                                                                      • Part of subcall function 0040CE00: DeregisterEventSource.ADVAPI32(00000000), ref: 0040CFEA
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,000000F4), ref: 0040D284
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,000000F4), ref: 0040D294
                                                                                                                                                                                                    • MessageBoxA.USER32(00000000,?,?,00012010), ref: 0040D30A
                                                                                                                                                                                                    • RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040D32E
                                                                                                                                                                                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040D35C
                                                                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 0040D362
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Event$FileHandle$ModuleSourceWrite$DeregisterRegisterReport$MessageNamewvsprintf
                                                                                                                                                                                                    • String ID: Invalid DOS signature$Invalid PE signature$MZ
                                                                                                                                                                                                    • API String ID: 2389884714-3164051366
                                                                                                                                                                                                    • Opcode ID: 78045e0f8bfac72d4be8214131c0b61fe3fe9c37420b6fbc1ec51a790e631edc
                                                                                                                                                                                                    • Instruction ID: 40fe5fae7c55ab7e426adf9fd0a65d4d820a4ce2099174ac06186469e6661b37
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78045e0f8bfac72d4be8214131c0b61fe3fe9c37420b6fbc1ec51a790e631edc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27415B71A047006BE720A7A98C51B3B7A999F81714F18453FF950AB3D2EBBDDC44835A

Control-flow Graph (first node 40dd30-40dd5b; legend: Executed / Not Executed)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 0040DD48
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,00000040), ref: 0040DD52
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00000040), ref: 0040DEAF
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,?,00000000,00000000,00000040), ref: 0040DEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: wvsprintfA.USER32(?,00000010,?), ref: 0040CE3E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetStdHandle.KERNEL32(000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE45
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetModuleHandleA.KERNEL32(00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE57
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?), ref: 0040CEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,004D1D2A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?), ref: 0040CEE2
                                                                                                                                                                                                      • Part of subcall function 0040CE00: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040CFB6
                                                                                                                                                                                                      • Part of subcall function 0040CE00: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040CFE4
                                                                                                                                                                                                      • Part of subcall function 0040CE00: DeregisterEventSource.ADVAPI32(00000000), ref: 0040CFEA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Event$AllocFileHandleProcessSourceWrite$DeregisterModuleRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: FATAL ERROR: Memory deallocation failed.$Not enough memory for initialization.
                                                                                                                                                                                                    • API String ID: 747936001-1831746946
                                                                                                                                                                                                    • Opcode ID: bea5f2dbe6863476be16d50f0558dd5ee4227133b5dc14529d681fa68058bcae
                                                                                                                                                                                                    • Instruction ID: 547e36128ad4da3ffa29355116f4880a00151a70a81d1835a423b0ac87269b88
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bea5f2dbe6863476be16d50f0558dd5ee4227133b5dc14529d681fa68058bcae
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B951BE70904B05AFC721AF95C850B2BB7A5BF65308F20453EEA846F391DB39A8559BC8

                                                                                                                                                                                                    Control-flow Graph (starting at 40d3c0; legend: Executed / Not Executed; graph image not preserved)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 0040D380: wvsprintfA.USER32(?,?,?), ref: 0040D38E
                                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(80000002,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 0040D432
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,80000002,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 0040D458
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,80000002,?,00000000,00000000,00000000,000F003F,00000000,?,?), ref: 0040D46C
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,EventMessageFile,00000000,00000002,?,-00000002,00000000,?,00000104,00000000,80000002,?,00000000,00000000,00000000,000F003F), ref: 0040D49D
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,EventMessageFile,00000000,00000002,?,-00000002,00000000,?,00000104,00000000,80000002,?,00000000,00000000,00000000), ref: 0040D4A7
                                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,TypesSupported,00000000,00000004,?,00000004,?,EventMessageFile,00000000,00000002,?,-00000002,00000000,?,00000104,00000000), ref: 0040D4D4
                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,TypesSupported,00000000,00000004,?,00000004,?,EventMessageFile,00000000,00000002,?,-00000002,00000000,?,00000104), ref: 0040D4DE
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseModuleValue$CreateFileHandleNamewvsprintf
                                                                                                                                                                                                    • String ID: EventMessageFile$SYSTEM\CurrentControlSet\Services\EventLog\Application\%s$TypesSupported
                                                                                                                                                                                                    • API String ID: 1692877325-3395001353
                                                                                                                                                                                                    • Opcode ID: de1c767eea55c92c1e4539ff5e462e0d3f52c79743d787e432c08b01eec3075b
                                                                                                                                                                                                    • Instruction ID: 9a0afa6e38e0d8161443477f46d831fd6e9deb64377192a1d7a75ba726f34436
                                                                                                                                                                                                    • Opcode Fuzzy Hash: de1c767eea55c92c1e4539ff5e462e0d3f52c79743d787e432c08b01eec3075b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A413DB1A047407AE31096658C16BBB66899BD1718F18853FFE406B3C1EBFCD908879F

                                                                                                                                                                                                    Control-flow Graph (starting at 40f9c0; legend: Executed / Not Executed; graph image not preserved)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 0040FB0F
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ERCPLauncher_main), ref: 0040FB20
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                    • String ID: .dll$ERCPLauncher_main$Invalid ERCP launcher library "%s"$ercplauncher_$#M$#M
                                                                                                                                                                                                    • API String ID: 2574300362-3046380704
                                                                                                                                                                                                    • Opcode ID: 600507758e7c54e6978c0f2bbb65b79f5a65b5b7d9eec44f21d24a8501b64006
                                                                                                                                                                                                    • Instruction ID: 5c3f703ec51d3fef449bebed5b1884fe31be257502c270f411129d00ed0525eb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 600507758e7c54e6978c0f2bbb65b79f5a65b5b7d9eec44f21d24a8501b64006
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8941E5A1B4D2804BDB255238D8603266AC06BA6304F2C457FD5CAEB7D2F67D884DDB1A

                                                                                                                                                                                                    Control-flow Graph (starting at 71b16c0; legend: Executed / Not Executed; graph image not preserved)
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(?,00000000,00000000), ref: 071B16CD
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,00000000,00000000), ref: 071B16D8
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000,00000000,?,00000000,00000000), ref: 071B16E1
                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 071B16FC
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 071B170D
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 071B1716
                                                                                                                                                                                                      • Part of subcall function 071B1790: wvsprintfA.USER32(?,?,?), ref: 071B17CE
                                                                                                                                                                                                      • Part of subcall function 071B1790: GetStdHandle.KERNEL32(000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17D5
                                                                                                                                                                                                      • Part of subcall function 071B1790: GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17E7
                                                                                                                                                                                                      • Part of subcall function 071B1790: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8), ref: 071B184F
                                                                                                                                                                                                      • Part of subcall function 071B1790: WriteFile.KERNEL32(00000000,07471102,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,?,?), ref: 071B1872
                                                                                                                                                                                                      • Part of subcall function 071B1790: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 071B1946
                                                                                                                                                                                                      • Part of subcall function 071B1790: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 071B1974
                                                                                                                                                                                                      • Part of subcall function 071B1790: DeregisterEventSource.ADVAPI32(00000000), ref: 071B197A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Event$EnvironmentFileHandleProcessSourceVariableWrite$AllocDeregisterFreeModuleRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: FATAL ERROR: Memory deallocation failed.$Not enough memory for initialization.
                                                                                                                                                                                                    • API String ID: 2461539898-1831746946
                                                                                                                                                                                                    • Opcode ID: a9482ab44c44c189ab6710f76ae760acca274e018bc7e53500c5e4c8cd0693ac
                                                                                                                                                                                                    • Instruction ID: 6edcb8bfb402876cb9e501b4c0fa550ed2bcc1f1b45e412a625fff2da7e00620
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9482ab44c44c189ab6710f76ae760acca274e018bc7e53500c5e4c8cd0693ac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3F08CE275034E71F43531B61C38FEB668CCB725D1F120429FA049B1C0EA50DC0160A6

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$AllocProcess
                                                                                                                                                                                                    • String ID: -Xnosplash$-Xservice$-Xservice:$-args$-classpath$-cp$-jar$-splash:$The "-jar" option is not supported because the jar file must have been already compiled into this executable
                                                                                                                                                                                                    • API String ID: 1617791916-4289450481
                                                                                                                                                                                                    • Opcode ID: 1a5aee45d73d654659cd3fc889e7452a405acc4e058351313c10dc12caa5b2d1
                                                                                                                                                                                                    • Instruction ID: 3d14f681b3fb4c3c878a40bbc3bc6f851b945289f5cf69c5f2063d1a2feea29e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a5aee45d73d654659cd3fc889e7452a405acc4e058351313c10dc12caa5b2d1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81F19270A083818FD325DF28C45076BBBE1AB96304F18487EF88597391E77DD849CB9A

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 0040D72B
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000000), ref: 0040D73B
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040D7B2
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0040D7BB
                                                                                                                                                                                                      • Part of subcall function 0040CE00: wvsprintfA.USER32(?,00000010,?), ref: 0040CE3E
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetStdHandle.KERNEL32(000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE45
                                                                                                                                                                                                      • Part of subcall function 0040CE00: GetModuleHandleA.KERNEL32(00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?,?,00000000,0040F5BA), ref: 0040CE57
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?,?,?,0040D5B5,Not enough memory for initialization.,00000000,00000000,?), ref: 0040CEBF
                                                                                                                                                                                                      • Part of subcall function 0040CE00: WriteFile.KERNEL32(00000000,004D1D2A,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,00000000,?), ref: 0040CEE2
                                                                                                                                                                                                      • Part of subcall function 0040CE00: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 0040CFB6
                                                                                                                                                                                                      • Part of subcall function 0040CE00: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 0040CFE4
                                                                                                                                                                                                      • Part of subcall function 0040CE00: DeregisterEventSource.ADVAPI32(00000000), ref: 0040CFEA
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Event$FileHandleProcessSourceWrite$AllocDeregisterFreeModuleRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: FATAL ERROR: Memory deallocation failed.$Not enough memory for initialization.
                                                                                                                                                                                                    • API String ID: 2180510886-1831746946
                                                                                                                                                                                                    • Opcode ID: 8c1953aa43dd20623aea0365a2a303e2be2fe40f328f4188e083f8012961b66e
                                                                                                                                                                                                    • Instruction ID: 0982e6ba5811581b946645de579555055db4612d7494691921a2831e594fc302
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c1953aa43dd20623aea0365a2a303e2be2fe40f328f4188e083f8012961b66e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA21F374A007159FD314EF95C890B2A7368FB45314F10493EEA05AB391CB39EC448BE8
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,0040F867,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,00000000,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll,00000000,005CA9A0,00000000,00000000,00000000), ref: 0040E1A8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$L"M$Unable to load %s (referenced from %s)$Unable to load %s (referenced from %s)Reason: %s.
                                                                                                                                                                                                    • API String ID: 514040917-2195991220
                                                                                                                                                                                                    • Opcode ID: 1f6ec335ce642b499860416552cf8ca540ce12cd66637cd7307098549fa44955
                                                                                                                                                                                                    • Instruction ID: 4460c5f550e6493e4f60146d84aa7856427acd954966f6939c607f8126fb57eb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f6ec335ce642b499860416552cf8ca540ce12cd66637cd7307098549fa44955
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7114C7220424057D3145239CC50BAB76EADFD5320F184B3FF5D49A3E1DB3A8951D256
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: LZM$LjM$LpM$P<M$PAM$PUM
                                                                                                                                                                                                    • API String ID: 0-1222985784
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0239581A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2637141929.00000000021E1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 021E0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_21e0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: *{comp.dir}$.config$Error reading configuration: unable to query component path.
                                                                                                                                                                                                    • API String ID: 514040917-4185434760
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0040E088
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • L"M, xrefs: 0040E098
                                                                                                                                                                                                    • Fatal error: "%s" requires an outdated or damaged JET profile "%s" (located at "%s").HOW TO FIX: run JET Setup and repair JET profile "%s"., xrefs: 0040E0D8, 0040E0DE
                                                                                                                                                                                                    • jetrt, xrefs: 0040E060
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: Fatal error: "%s" requires an outdated or damaged JET profile "%s" (located at "%s").HOW TO FIX: run JET Setup and repair JET profile "%s".$L"M$jetrt
                                                                                                                                                                                                    • API String ID: 514040917-726262130
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: A$(oK$ssis$ssss
                                                                                                                                                                                                    • API String ID: 0-2879899830
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: A$(oK$ssis$ssss
                                                                                                                                                                                                    • API String ID: 0-2879899830
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0040E118
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Fatal error: "%s" requires JET profile "%s" that cannot be found ("%s" does not exist).HOW TO FIX: run JET Setup to create a new JET profile and then recompile the application., xrefs: 0040E166, 0040E16C
                                                                                                                                                                                                    • L"M, xrefs: 0040E128
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                                    • String ID: Fatal error: "%s" requires JET profile "%s" that cannot be found ("%s" does not exist).HOW TO FIX: run JET Setup to create a new JET profile and then recompile the application.$L"M
                                                                                                                                                                                                    • API String ID: 514040917-2183897088
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000), ref: 071B1675
                                                                                                                                                                                                      • Part of subcall function 071B1790: wvsprintfA.USER32(?,?,?), ref: 071B17CE
                                                                                                                                                                                                      • Part of subcall function 071B1790: GetStdHandle.KERNEL32(000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17D5
                                                                                                                                                                                                      • Part of subcall function 071B1790: GetModuleHandleA.KERNEL32(00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8,?), ref: 071B17E7
                                                                                                                                                                                                      • Part of subcall function 071B1790: WriteFile.KERNEL32(00000000,?,-00000001,?,00000000,00000000,000000F4,?,?,?,?,071B1615,Invalid PE signature,?,?,071B31F8), ref: 071B184F
                                                                                                                                                                                                      • Part of subcall function 071B1790: WriteFile.KERNEL32(00000000,07471102,-00000001,?,00000000,00000000,?,-00000001,?,00000000,00000000,000000F4,?,?), ref: 071B1872
                                                                                                                                                                                                      • Part of subcall function 071B1790: RegisterEventSourceA.ADVAPI32(00000000,00000000), ref: 071B1946
                                                                                                                                                                                                      • Part of subcall function 071B1790: ReportEventA.ADVAPI32(00000000,00000001,00000000,40000001,00000000,00000001,00000000,?,00000000), ref: 071B1974
                                                                                                                                                                                                      • Part of subcall function 071B1790: DeregisterEventSource.ADVAPI32(00000000), ref: 071B197A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2643644155.00000000071B1000.00000020.00000001.01000000.00000014.sdmp, Offset: 071B0000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_71b0000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: EventHandle$FileModuleSourceWrite$DeregisterRegisterReportwvsprintf
                                                                                                                                                                                                    • String ID: Invalid DOS signature$Invalid PE signature
                                                                                                                                                                                                    • API String ID: 563821146-3088377893
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2635987883.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_400000_HamSphere_4.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: .config$C:\HamSphere\HamSphere_4.010a\rt\jetrt\XKRN10505.dll$Configuration section not found.$Invalid configuration section format.
                                                                                                                                                                                                    • API String ID: 0-3539697526