Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1541557
MD5:	480c71144f234397fd4222635ab78b57
SHA1:	5f8d39408946723b106919381a9e36d228069c3f
SHA256:	1d5de82477d34b944271393c5c7ad28dc8ab613220d1bd52f2876d0a70c36800
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 2768 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 480C71144F234397FD4222635AB78B57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["licendfilteo.site", "bathdoomgaz.store", "spirittunek.store", "studennotediw.store", "clearancek.site", "eaglepawnoy.store", "mobbipenju.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.943340+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.8	61417	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.858959+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.8	63147	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.920615+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.8	53543	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.888906+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.8	54877	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.967929+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.8	63100	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.872393+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.8	53477	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.955880+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.8	59316	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:49.932934+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.8	51630	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-25T00:17:51.773625+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.8	49704	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: file.exe.2768.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["licendfilteo.site", "bathdoomgaz.store", "spirittunek.store", "studennotediw.store", "clearancek.site", "eaglepawnoy.store", "mobbipenju.store", "dissapoiznw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AC50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A8D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00A8D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AC63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AC99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00AC695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00A8FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00A90EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AC6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00A96F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00ABF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00A81000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AC4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00AAD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A942FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AA2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00AA2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00A8A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AC64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00AAE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00A9B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00AAC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00AC1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00A9D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00A88590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00AC7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A96536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AA9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00AAE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00ABB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00AAD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00AC67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AC5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00AC7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AA28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00A849A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00AC3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00A9D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A91ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00A91A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AC4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00A85A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00AB0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00A91BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00A93BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00A9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00A9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AC9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AAAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00AAAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AC9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00AC9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00AACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00AACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00ABFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00AA7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00AAEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AC8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00AADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00AAFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00A86EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00A96EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00A8BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00A91E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00A94E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AA7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AA5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00AAAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00A96F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00AC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00A9FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00A88FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AC5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AA9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.8:53477 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.8:54877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.8:61417 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.8:51630 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.8:63100 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.8:59316 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.8:63147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.8:53543 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49704 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: dissapoiznw.store

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.1506075617.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=f2d69d60a61e39e52afe89a6; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 24 Oct 2024 22:17:51 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.1525251503.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store/api
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000002.1525251503.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/N
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1525137816.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525251503.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000002.1525325793.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1506075617.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A90228	0_2_00A90228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACA0D0	0_2_00ACA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A92030	0_2_00A92030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A81000	0_2_00A81000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4040	0_2_00AC4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8E1A0	0_2_00A8E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197	0_2_00C4F197
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A871F0	0_2_00A871F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A85160	0_2_00A85160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A812F7	0_2_00A812F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB82D0	0_2_00AB82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB12D0	0_2_00AB12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C59270	0_2_00C59270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8B3A0	0_2_00A8B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A813A3	0_2_00A813A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E3DA	0_2_00C5E3DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB23E0	0_2_00AB23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8A300	0_2_00A8A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94487	0_2_00A94487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9049B	0_2_00A9049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB64F0	0_2_00AB64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C63452	0_2_00C63452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAC470	0_2_00AAC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A835B0	0_2_00A835B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88590	0_2_00A88590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9C5F0	0_2_00A9C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C54556	0_2_00C54556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C576C4	0_2_00C576C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC86F0	0_2_00AC86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABF620	0_2_00ABF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8164F	0_2_00A8164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8652	0_2_00AC8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5C7FF	0_2_00C5C7FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C607A0	0_2_00C607A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE8A0	0_2_00ABE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB8C0	0_2_00ABB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1860	0_2_00AB1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8A850	0_2_00A8A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC89A0	0_2_00AC89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C3F9CC	0_2_00C3F9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA098B	0_2_00AA098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C61991	0_2_00C61991
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6697C	0_2_00C6697C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7AB0	0_2_00AC7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8A80	0_2_00AC8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4A40	0_2_00AC4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A87BF0	0_2_00A87BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A9DB6F	0_2_00A9DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6CBF	0_2_00AC6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B04CA8	0_2_00B04CA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AACCD0	0_2_00AACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C50C61	0_2_00C50C61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8C02	0_2_00AC8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B51C06	0_2_00B51C06
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC5C12	0_2_00CC5C12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C55C35	0_2_00C55C35
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AADD29	0_2_00AADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B67D2A	0_2_00B67D2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAFD10	0_2_00AAFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AA8D62	0_2_00AA8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A96EBF	0_2_00A96EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8BEB0	0_2_00A8BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A94E2A	0_2_00A94E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC8E70	0_2_00AC8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AAAE57	0_2_00AAAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B1FFFC	0_2_00B1FFFC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC7FC0	0_2_00AC7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A88FD0	0_2_00A88FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00A8AF10	0_2_00A8AF10

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A8CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00A9D300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9994392017326733

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AB8220 CoCreateInstance,

0_2_00AB8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 3023872 > 1048576

Source: file.exe

Static PE information: Raw size of dhewfvkn is bigger than: 0x100000 < 0x2b8c00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a80000.0.unpack :EW;.rsrc :W;.idata :W;dhewfvkn:EW;fdmuewqf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;dhewfvkn:EW;fdmuewqf:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2ef320 should be: 0x2eb46a

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: dhewfvkn
Source: file.exe	Static PE information: section name: fdmuewqf
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push 573A0F79h; mov dword ptr [esp], esi	0_2_00C1816A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push esi; mov dword ptr [esp], edi	0_2_00C18180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push 6D7A80A9h; mov dword ptr [esp], ecx	0_2_00C18199
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push 3F286E82h; mov dword ptr [esp], edx	0_2_00C181AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push 4ACBD646h; mov dword ptr [esp], esi	0_2_00C18235
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C180DA push ecx; mov dword ptr [esp], 00000000h	0_2_00C1824B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F0AF push ecx; mov dword ptr [esp], esi	0_2_00C6F39D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6F0AF push 73C1ADB0h; mov dword ptr [esp], edx	0_2_00C6F3B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9904D push ecx; mov dword ptr [esp], esi	0_2_00D99104
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9904D push edx; mov dword ptr [esp], 4FDBDE29h	0_2_00D99132
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0012 push ecx; mov dword ptr [esp], 7FAA568Eh	0_2_00BA00FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA0012 push eax; mov dword ptr [esp], esi	0_2_00BA0147
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push 2796CFE4h; mov dword ptr [esp], esp	0_2_00D991F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push 54F7FFF4h; mov dword ptr [esp], eax	0_2_00D9921C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push 15506D86h; mov dword ptr [esp], edx	0_2_00D9922E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push ebp; mov dword ptr [esp], 5638E893h	0_2_00D99247
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push ebp; mov dword ptr [esp], edx	0_2_00D99315
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D991DC push eax; mov dword ptr [esp], edi	0_2_00D99383
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D591C2 push ebx; mov dword ptr [esp], edx	0_2_00D5920C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA1D0 push 71DA97A7h; mov dword ptr [esp], esi	0_2_00CBA275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBA1D0 push 45B45136h; mov dword ptr [esp], ecx	0_2_00CBA280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push ebx; mov dword ptr [esp], edi	0_2_00C4F1A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push 23413D2Fh; mov dword ptr [esp], eax	0_2_00C4F1EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push 7A4B2CF7h; mov dword ptr [esp], eax	0_2_00C4F2C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push esi; mov dword ptr [esp], ebx	0_2_00C4F334
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push 782416FAh; mov dword ptr [esp], edi	0_2_00C4F37A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push eax; mov dword ptr [esp], edi	0_2_00C4F3E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push eax; mov dword ptr [esp], edx	0_2_00C4F3E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push ecx; mov dword ptr [esp], eax	0_2_00C4F526
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push eax; mov dword ptr [esp], 68D220E2h	0_2_00C4F556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C4F197 push esi; mov dword ptr [esp], ecx	0_2_00C4F5AB

Source: file.exe

Static PE information: section name: entropy: 7.975225099738983

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE3E00 second address: AE3E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BC5C second address: C6BC62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BC62 second address: C6BC6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4CA50AB436h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BC6D second address: C6BC80 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CAEh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BC80 second address: C6BC86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BC86 second address: C6BC8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF13 second address: C6BF1D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF1D second address: C6BF2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6BF2E second address: C6BF52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB444h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jc 00007F4CA50AB436h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E0F0 second address: C6E111 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007F4CA5099CAAh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F4CA5099CA8h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E111 second address: C6E123 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 ja 00007F4CA50AB436h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E123 second address: AE3E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 je 00007F4CA5099CACh 0x0000000b jnc 00007F4CA5099CA6h 0x00000011 popad 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push esi 0x00000017 jmp 00007F4CA5099CB4h 0x0000001c pop esi 0x0000001d pop eax 0x0000001e push dword ptr [ebp+122D068Dh] 0x00000024 mov dword ptr [ebp+122D1D38h], eax 0x0000002a mov edx, dword ptr [ebp+122D3AEEh] 0x00000030 call dword ptr [ebp+122D399Dh] 0x00000036 pushad 0x00000037 jmp 00007F4CA5099CAEh 0x0000003c xor eax, eax 0x0000003e add dword ptr [ebp+122D1E6Bh], edx 0x00000044 mov edx, dword ptr [esp+28h] 0x00000048 clc 0x00000049 mov dword ptr [ebp+122D3BCEh], eax 0x0000004f sub dword ptr [ebp+122D1E6Bh], esi 0x00000055 mov esi, 0000003Ch 0x0000005a cmc 0x0000005b add esi, dword ptr [esp+24h] 0x0000005f jnp 00007F4CA5099CB2h 0x00000065 jl 00007F4CA5099CACh 0x0000006b jnl 00007F4CA5099CA6h 0x00000071 lodsw 0x00000073 jmp 00007F4CA5099CACh 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jnc 00007F4CA5099CBCh 0x00000082 mov ebx, dword ptr [esp+24h] 0x00000086 mov dword ptr [ebp+122D1E4Ch], eax 0x0000008c nop 0x0000008d jmp 00007F4CA5099CADh 0x00000092 push eax 0x00000093 pushad 0x00000094 push ecx 0x00000095 push eax 0x00000096 push edx 0x00000097 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1B8 second address: C6E1BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1BD second address: C6E1E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F4CA5099CBCh 0x00000012 jmp 00007F4CA5099CB6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1E5 second address: C6E1EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1EB second address: C6E1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1EF second address: C6E1F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E1F3 second address: C6E232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jno 00007F4CA5099CB0h 0x00000012 mov eax, dword ptr [eax] 0x00000014 jp 00007F4CA5099CB4h 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e pushad 0x0000001f push edi 0x00000020 push eax 0x00000021 pop eax 0x00000022 pop edi 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E232 second address: C6E236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E326 second address: C6E33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4CA5099CADh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E33A second address: C6E33E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E3AF second address: C6E3EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4CA5099CACh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F4CA5099CB4h 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007F4CA5099CAAh 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E593 second address: C6E598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E598 second address: C6E5C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F4CA5099CB2h 0x00000010 jbe 00007F4CA5099CACh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E690 second address: C6E6E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 21501E0Dh 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F4CA50AB438h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 jmp 00007F4CA50AB443h 0x0000002d lea ebx, dword ptr [ebp+1245DFF3h] 0x00000033 mov cx, bx 0x00000036 xchg eax, ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 push ebx 0x0000003a je 00007F4CA50AB436h 0x00000040 pop ebx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E6E7 second address: C6E6F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F4CA5099CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6E6F1 second address: C6E6F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CA21 second address: C8CA3B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CAAh 0x00000007 jmp 00007F4CA5099CACh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB93 second address: C8CB99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB99 second address: C8CB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D034 second address: C8D038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D038 second address: C8D05F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4CA5099CB8h 0x0000000b push edi 0x0000000c jnp 00007F4CA5099CA6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D31F second address: C8D33B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB442h 0x00000009 js 00007F4CA50AB436h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D4DE second address: C8D4F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D4F9 second address: C8D4FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D667 second address: C8D686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F4CA5099CB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DC3E second address: C8DC53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB441h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DD9D second address: C8DDA9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8DDA9 second address: C8DDCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB446h 0x00000008 jc 00007F4CA50AB436h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E7BB second address: C8E7C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4ECCB second address: C4ECE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4CA50AB445h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97E19 second address: C97E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F95B second address: C5F976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA50AB440h 0x00000009 popad 0x0000000a pop edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F976 second address: C5F980 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F980 second address: C5F986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F986 second address: C5F98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5F98A second address: C5F990 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9BEEF second address: C9BEF9 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4CA5099CA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C2D0 second address: C9C2D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C2D4 second address: C9C2DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C580 second address: C9C598 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB444h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C6EE second address: C9C6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C6F2 second address: C9C710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB448h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9D206 second address: C9D20A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9DCB7 second address: C9DCC4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E002 second address: C9E006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9E143 second address: C9E14F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C66487 second address: C6649C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F4CA5099CA6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007F4CA5099CA6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6649C second address: C664A6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4CA50AB436h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C664A6 second address: C664B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C664B2 second address: C664D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4CA50AB447h 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C664D5 second address: C664D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FCC6 second address: C9FCD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4CA50AB436h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FCD0 second address: C9FD43 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4CA5099CB1h 0x0000000e nop 0x0000000f mov si, C5CCh 0x00000013 mov dword ptr [ebp+122D1C7Bh], edx 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+122D3928h], ecx 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push edx 0x00000026 call 00007F4CA5099CA8h 0x0000002b pop edx 0x0000002c mov dword ptr [esp+04h], edx 0x00000030 add dword ptr [esp+04h], 00000014h 0x00000038 inc edx 0x00000039 push edx 0x0000003a ret 0x0000003b pop edx 0x0000003c ret 0x0000003d pushad 0x0000003e sub dword ptr [ebp+12458D70h], ebx 0x00000044 push edi 0x00000045 or dword ptr [ebp+122DB7B8h], ebx 0x0000004b pop esi 0x0000004c popad 0x0000004d xchg eax, ebx 0x0000004e ja 00007F4CA5099CB2h 0x00000054 push eax 0x00000055 push ecx 0x00000056 push ecx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0F3E second address: CA0F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2060 second address: CA2074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2074 second address: CA207A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3A2B second address: CA3A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4CA5099CA6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3A36 second address: CA3A77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d cld 0x0000000e push 00000000h 0x00000010 mov esi, dword ptr [ebp+122D1D16h] 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007F4CA50AB438h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 movsx edi, bx 0x00000035 push eax 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 jns 00007F4CA50AB436h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3A77 second address: CA3A89 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F4CA5099CA6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4430 second address: CA4436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA41D0 second address: CA41D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAB396 second address: CAB39A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAB39A second address: CAB3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F4CA5099CACh 0x0000000c je 00007F4CA5099CA6h 0x00000012 popad 0x00000013 push eax 0x00000014 jno 00007F4CA5099CB0h 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD370 second address: CAD383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jng 00007F4CA50AB436h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD5D7 second address: CAD5DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAE63B second address: CAE63F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0525 second address: CB0549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F4CA5099CB7h 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF57D second address: CAF58D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF58D second address: CAF5A7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA5099CA8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push edi 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F4CA5099CA6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF5A7 second address: CAF5AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1485 second address: CB1489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1489 second address: CB1493 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF66F second address: CAF673 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF673 second address: CAF685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jbe 00007F4CA50AB44Bh 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB24C3 second address: CB24DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CB5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB15DA second address: CB16AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 mov ebx, dword ptr [ebp+122D1C6Ah] 0x0000000d add di, FE3Dh 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov di, B8F0h 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push edi 0x00000027 call 00007F4CA50AB438h 0x0000002c pop edi 0x0000002d mov dword ptr [esp+04h], edi 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc edi 0x0000003a push edi 0x0000003b ret 0x0000003c pop edi 0x0000003d ret 0x0000003e mov bh, D9h 0x00000040 mov dword ptr [ebp+122D1DFEh], ebx 0x00000046 mov eax, dword ptr [ebp+122D105Dh] 0x0000004c xor dword ptr [ebp+122D1FF4h], ebx 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push esi 0x00000057 call 00007F4CA50AB438h 0x0000005c pop esi 0x0000005d mov dword ptr [esp+04h], esi 0x00000061 add dword ptr [esp+04h], 0000001Ch 0x00000069 inc esi 0x0000006a push esi 0x0000006b ret 0x0000006c pop esi 0x0000006d ret 0x0000006e jl 00007F4CA50AB44Fh 0x00000074 pushad 0x00000075 jmp 00007F4CA50AB444h 0x0000007a xor bl, FFFFFFDAh 0x0000007d popad 0x0000007e nop 0x0000007f jmp 00007F4CA50AB448h 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 jmp 00007F4CA50AB448h 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB06DE second address: CB06E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB26A3 second address: CB26AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB36B8 second address: CB36BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB06E3 second address: CB0724 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB448h 0x00000008 jmp 00007F4CA50AB43Ah 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 jmp 00007F4CA50AB444h 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB26AE second address: CB26B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB36BD second address: CB36FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F4CA50AB444h 0x00000011 jmp 00007F4CA50AB43Eh 0x00000016 nop 0x00000017 sub dword ptr [ebp+12480887h], ebx 0x0000001d push 00000000h 0x0000001f mov bl, 5Ah 0x00000021 push 00000000h 0x00000023 mov dword ptr [ebp+122D1DFEh], esi 0x00000029 xor dword ptr [ebp+122D204Eh], edx 0x0000002f push eax 0x00000030 push eax 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0724 second address: CB078F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 nop 0x00000007 mov bh, ch 0x00000009 push dword ptr fs:[00000000h] 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F4CA5099CA8h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a xor bx, D79Bh 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 mov dword ptr [ebp+122D37D2h], esi 0x0000003c mov eax, dword ptr [ebp+122D15F9h] 0x00000042 mov dword ptr [ebp+122D301Bh], ebx 0x00000048 push FFFFFFFFh 0x0000004a or dword ptr [ebp+122D2664h], esi 0x00000050 add ebx, dword ptr [ebp+122D1FCDh] 0x00000056 nop 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F4CA5099CABh 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB26B2 second address: CB2736 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007F4CA50AB43Ch 0x0000000e nop 0x0000000f cld 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F4CA50AB438h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007F4CA50AB438h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 movsx edi, cx 0x00000055 mov eax, dword ptr [ebp+122D149Dh] 0x0000005b push FFFFFFFFh 0x0000005d mov dword ptr [ebp+122D391Eh], ebx 0x00000063 mov ebx, 4CA6CE00h 0x00000068 nop 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d jns 00007F4CA50AB436h 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB36FA second address: CB3700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2736 second address: CB273C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB38AA second address: CB38AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB38AE second address: CB38B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB56C7 second address: CB56CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB56CD second address: CB56D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB48C8 second address: CB48D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4CA5099CA6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6688 second address: CB668E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB668E second address: CB6705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CAFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, dword ptr [ebp+122D3B5Ah] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F4CA5099CA8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e sbb bh, FFFFFFE6h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007F4CA5099CA8h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 jmp 00007F4CA5099CACh 0x00000056 pushad 0x00000057 popad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6705 second address: CB670B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6937 second address: CB6941 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6941 second address: CB6945 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7A6A second address: CB7A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7A75 second address: CB7A99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F4CA50AB447h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7A99 second address: CB7A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0A1A second address: CC0A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0207 second address: CC0218 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0218 second address: CC021C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC021C second address: CC0222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCBBBD second address: CCBBE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB449h 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jnl 00007F4CA50AB436h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB3B9 second address: CCB3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCB54C second address: CCB563 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4CA50AB436h 0x00000008 jo 00007F4CA50AB436h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD180 second address: CCD184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD184 second address: CCD19E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F4CA50AB442h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD19E second address: CCD1A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD1A4 second address: CCD1A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD1A8 second address: CCD1AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD17AC second address: CD17B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD06CB second address: CD06DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F4CA5099CA6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD06DB second address: CD06DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA67BE second address: CA67E8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA5099CACh 0x00000008 jl 00007F4CA5099CA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F4CA5099CB6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA67E8 second address: CA6825 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007F4CA50AB438h 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edi 0x00000016 push esi 0x00000017 jmp 00007F4CA50AB444h 0x0000001c pop esi 0x0000001d pop edi 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 jne 00007F4CA50AB438h 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6825 second address: CA682B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA682B second address: CA6849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F4CA50AB440h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6849 second address: CA6851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA695D second address: CA6977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4CA50AB43Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6977 second address: CA698A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CAEh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6A2B second address: CA6A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6A2F second address: CA6A39 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6A39 second address: CA6A6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c jmp 00007F4CA50AB444h 0x00000011 push eax 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6A6B second address: CA6A6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6B6E second address: CA6B77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6B77 second address: CA6B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6B84 second address: CA6B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6B8B second address: CA6B95 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA5099CACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C86681 second address: C8668A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0C81 second address: CD0C8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F4CA5099CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0DFA second address: CD0DFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD0DFE second address: CD0E04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD106E second address: CD1074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1074 second address: CD1098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push edi 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F4CA5099CA6h 0x00000015 jmp 00007F4CA5099CAFh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1098 second address: CD10CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB444h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jne 00007F4CA50AB43Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007F4CA50AB436h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD10CA second address: CD10EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jno 00007F4CA5099CA6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD4B58 second address: CD4B7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4CA50AB447h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD4B7B second address: CD4B85 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4CA5099CA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA258 second address: CDA25E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA25E second address: CDA266 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA266 second address: CDA273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD8F7E second address: CD8F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jno 00007F4CA5099CA6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9101 second address: CD9105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9105 second address: CD9135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4CA5099CB5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9290 second address: CD929C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F4CA50AB436h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD929C second address: CD92A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD92A3 second address: CD92A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD954A second address: CD954F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD954F second address: CD955A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD955A second address: CD955E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD955E second address: CD9570 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F4CA50AB436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9570 second address: CD957D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F4CA5099CACh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9959 second address: CD9963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9ABD second address: CD9ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 js 00007F4CA5099CBEh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9ACF second address: CD9AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9AD3 second address: CD9AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9F10 second address: CD9F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9F15 second address: CD9F54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F4CA5099CACh 0x0000000f jmp 00007F4CA5099CB7h 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F4CA5099CA6h 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF3E0 second address: CDF3FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Fh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F4CA50AB436h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF3FD second address: CDF403 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF403 second address: CDF409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF409 second address: CDF40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF40D second address: CDF411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF411 second address: CDF431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F4CA5099CB6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE4414 second address: CE441A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE45B0 second address: CE45B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE45B6 second address: CE45BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE471A second address: CE471E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE499F second address: CE49C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 js 00007F4CA50AB436h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F4CA50AB438h 0x00000015 push eax 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4CA50AB43Eh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE49C6 second address: CE49D2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA5099CA6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE4B77 second address: CE4B7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE4FCD second address: CE4FD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62F17 second address: C62F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F4CA50AB436h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e jmp 00007F4CA50AB449h 0x00000013 je 00007F4CA50AB436h 0x00000019 jbe 00007F4CA50AB436h 0x0000001f popad 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62F4E second address: C62F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F4CA5099CB0h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62F6A second address: C62F72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62F72 second address: C62F78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEADA1 second address: CEADAB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF05E0 second address: CF05E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF05E4 second address: CF05F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e js 00007F4CA50AB436h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF05F8 second address: CF05FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF05FC second address: CF060A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF060A second address: CF0611 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3F95 second address: CF3F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3F99 second address: CF3F9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3F9D second address: CF3FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F4CA50AB436h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF36C7 second address: CF36CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF36CD second address: CF36E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F4CA50AB43Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF36E0 second address: CF36EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3819 second address: CF381D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF381D second address: CF383F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4CA5099CB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF383F second address: CF3849 instructions: 0x00000000 rdtsc 0x00000002 js 00007F4CA50AB436h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3849 second address: CF384E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF9B2A second address: CF9B45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4CA50AB436h 0x00000009 jc 00007F4CA50AB436h 0x0000000f jl 00007F4CA50AB436h 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF9B45 second address: CF9B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F4CA5099CACh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8828 second address: CF8845 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB446h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8CA9 second address: CF8CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8DEB second address: CF8DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8DEF second address: CF8DFB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4CA5099CA6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF8DFB second address: CF8E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB43Bh 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D01379 second address: D01386 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F4CA5099CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF5E1 second address: CFF5E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF5E6 second address: CFF5EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF5EC second address: CFF5F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFE49 second address: CFFE4E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFE4E second address: CFFE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFE58 second address: CFFE71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F4CA5099CA8h 0x00000012 push edi 0x00000013 push eax 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFFE71 second address: CFFE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F4CA50AB43Fh 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00185 second address: D001B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4CA5099CB5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jne 00007F4CA5099CA6h 0x00000012 jl 00007F4CA5099CA6h 0x00000018 pushad 0x00000019 popad 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D001B2 second address: D001CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D001CD second address: D001E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F4CA5099CAFh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D001E5 second address: D00215 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F4CA50AB449h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00215 second address: D00219 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00551 second address: D00559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00559 second address: D00564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00564 second address: D0056A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00814 second address: D00818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D00818 second address: D0081E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0081E second address: D0082A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jg 00007F4CA5099CA6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0082A second address: D00845 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB447h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D010D6 second address: D010DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0AF36 second address: D0AF4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4CA50AB440h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0AF4E second address: D0AF55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B104 second address: D0B109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14871 second address: D1487D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D12B11 second address: D12B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D130B6 second address: D130BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1324D second address: D13264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jns 00007F4CA50AB436h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007F4CA50AB436h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D13397 second address: D1339B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1339B second address: D133B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007F4CA50AB436h 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D133B5 second address: D133C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CACh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D133C7 second address: D133CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D133CC second address: D133D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F4CA5099CA6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1352A second address: D1354A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Fh 0x00000007 jg 00007F4CA50AB436h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 push ecx 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D136A9 second address: D136B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1404C second address: D14051 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1B233 second address: D1B24A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA5099CB3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1ADBD second address: D1ADC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D29195 second address: D291CC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4CA5099CCFh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2BC0A second address: D2BC15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F4CA50AB436h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D32D04 second address: D32D12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D32D12 second address: D32D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D32D16 second address: D32D1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DE01 second address: C5DE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5DE0A second address: C5DE1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F4CA5099CA6h 0x0000000a jo 00007F4CA5099CA6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3B9E9 second address: D3BA14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Bh 0x00000007 jmp 00007F4CA50AB445h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3BA14 second address: D3BA48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 jmp 00007F4CA5099CB6h 0x0000000c jmp 00007F4CA5099CB1h 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EEE1 second address: D3EEE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3EEE5 second address: D3EF03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F4CA5099CB3h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D468FE second address: D46902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D46902 second address: D4690C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4690C second address: D46928 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4CA50AB443h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C53C33 second address: C53C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CB4h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45AC8 second address: D45AD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45AD3 second address: D45AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A7CD second address: D4A805 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB440h 0x00000008 jmp 00007F4CA50AB43Ah 0x0000000d jmp 00007F4CA50AB442h 0x00000012 popad 0x00000013 jg 00007F4CA50AB442h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4A805 second address: D4A80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D59097 second address: D5909D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5909D second address: D590A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D590A3 second address: D590B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 jp 00007F4CA50AB436h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D590B4 second address: D590D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA5099CB8h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D590D2 second address: D590E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F4CA50AB436h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58F21 second address: D58F2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F4CA5099CA6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5B0A6 second address: D5B0BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F4CA50AB43Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D365 second address: D5D369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D369 second address: D5D37E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F4CA50AB43Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D37E second address: D5D389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F4CA5099CA6h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B44C second address: D6B452 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B452 second address: D6B456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6B456 second address: D6B45A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D7AE second address: D6D7B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6D7B7 second address: D6D7CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 je 00007F4CA50AB436h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F4CA50AB436h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F328 second address: D6F33A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop edx 0x0000000e push ecx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6F33A second address: D6F342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D871AB second address: D871AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D871AF second address: D871CC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA50AB436h 0x00000008 jmp 00007F4CA50AB443h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D871CC second address: D871D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D871D2 second address: D871D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D877BA second address: D877D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F4CA5099CB8h 0x0000000b jmp 00007F4CA5099CACh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87BD1 second address: D87BF8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4CA50AB44Dh 0x00000008 jl 00007F4CA50AB442h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87BF8 second address: D87BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D4F second address: D87D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D53 second address: D87D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D59 second address: D87D7B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA50AB44Dh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C2CF second address: D8C2D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C2D3 second address: D8C314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F4CA50AB438h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 push 00000004h 0x00000026 movsx edx, di 0x00000029 call 00007F4CA50AB439h 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C314 second address: D8C32B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4CA5099CAFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C32B second address: D8C349 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB43Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b je 00007F4CA50AB440h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C349 second address: D8C39C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jp 00007F4CA5099CB3h 0x00000010 jmp 00007F4CA5099CADh 0x00000015 mov eax, dword ptr [eax] 0x00000017 jns 00007F4CA5099CB4h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 pushad 0x00000022 jmp 00007F4CA5099CB6h 0x00000027 pushad 0x00000028 push eax 0x00000029 pop eax 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C64D second address: D8C68E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F4CA50AB438h 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F4CA50AB449h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F4CA50AB442h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C68E second address: D8C6CE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F4CA5099CA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F4CA5099CB2h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 jmp 00007F4CA5099CB6h 0x0000001d pop ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C6CE second address: D8C6D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E07E second address: D8E099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4CA5099CB3h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8DBFC second address: D8DC18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F4CA50AB444h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FAA5 second address: D8FAAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B51 second address: 4CD0B98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4CA50AB441h 0x00000008 push eax 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ecx, dword ptr [eax+00000FDCh] 0x00000013 pushad 0x00000014 call 00007F4CA50AB448h 0x00000019 movzx ecx, di 0x0000001c pop edx 0x0000001d push ecx 0x0000001e mov esi, edx 0x00000020 pop edi 0x00000021 popad 0x00000022 test ecx, ecx 0x00000024 pushad 0x00000025 push esi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0B98 second address: 4CD0BA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 movzx esi, di 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BA2 second address: 4CD0C00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4CA50AB445h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a jns 00007F4CA50AB456h 0x00000010 jmp 00007F4CA50AB43Eh 0x00000015 add eax, ecx 0x00000017 jmp 00007F4CA50AB440h 0x0000001c mov eax, dword ptr [eax+00000860h] 0x00000022 jmp 00007F4CA50AB440h 0x00000027 test eax, eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0C00 second address: 4CD0C04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0C04 second address: 4CD0C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0C0A second address: 4CD0C5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, eax 0x00000005 mov cl, E0h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F4D16FCFDF1h 0x00000010 pushad 0x00000011 mov cx, di 0x00000014 pushfd 0x00000015 jmp 00007F4CA5099CABh 0x0000001a jmp 00007F4CA5099CB3h 0x0000001f popfd 0x00000020 popad 0x00000021 test byte ptr [eax+04h], 00000005h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F4CA5099CB5h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0C5A second address: 4CD0C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA138D second address: CA1391 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1595 second address: CA15A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4CA50AB440h 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AE3E7D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AE3D93 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AE163A instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 6952

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: file.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1525325793.0000000000FC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525251503.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000FC3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: \\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AC5BB0 LdrInitializeThunk,

0_2_00AC5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, file.exe, 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
http://store.steampowered.com/account/cookiepreferences/	0%	URL Reputation	safe
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/N	file.exe, 00000000.00000002.1525251503.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://medal.tv	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steam.tv/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://eaglepawnoy.store/api	file.exe, 00000000.00000002.1525251503.0000000000F7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505927184.0000000000F78000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1525137816.0000000000F75000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000002.1525325793.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1506075617.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1505887050.000000000100D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.cloudflare.steamstatic.com/	file.exe, 00000000.00000003.1505887050.0000000001005000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541557
Start date and time:	2024-10-25 00:16:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@9/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
18:17:49	API Interceptor	3x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	104.108.130.154
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	23.209.51.130
	phish_alert_sp2_2.0.0.0 (1).eml	Get hash	malicious	Unknown	Browse	2.19.126.160
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	http://boulos-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	104.127.205.96
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://na4.docusign.net/Signing/EmailStart.aspx?a=c1ee55e8-d253-4731-bf85-5377494446fc&etti=24&acct=c49653d8-ee55-4f22-afc9-287006261d0b&er=251e9446-3fcb-4714-8d01-feee559625a8	Get hash	malicious	HTMLPhisher	Browse	2.19.126.84

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	msvcp110.dll	Get hash	malicious	LummaC	Browse	104.102.49.254
	Setup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Loader.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Other.Malware-gen.26961.24680.xlsx	Get hash	malicious	Unknown	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.52759165152464
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'023'872 bytes
MD5:	480c71144f234397fd4222635ab78b57
SHA1:	5f8d39408946723b106919381a9e36d228069c3f
SHA256:	1d5de82477d34b944271393c5c7ad28dc8ab613220d1bd52f2876d0a70c36800
SHA512:	86359da6669c2a837e3174d0d50e15d695742e9d34b482d4209c1e4a0255263ad1c1381638ed8c3af619d59cd03bd11dd6339aa2587271ae91e9cddc86fb8034
SSDEEP:	49152:kt8TBiwXIHecQHhnr2YxiVvpzZ/x+G6OE8zoG:lTBiwXIHeFBnr2EoH71d
TLSH:	3AE54BA1A548B1CFF08B1674842BCE866D6E87B90B2048D7FD6CA4BA7D73CC515B6C34
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................1...........@...........................1..... .....@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x71a000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4CA5028B9Ah
lar ebp, word ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	91f4f762bcfd5e4590473c549a467343	False	0.9994392017326733	data	7.975225099738983	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dhewfvkn	0x60000	0x2b9000	0x2b8c00	37fbb96d9b116b0062ff2906500aaf0f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fdmuewqf	0x319000	0x1000	0x600	1bdaf4009b1d7dae12b3c72fbde47971	False	0.5436197916666666	data	4.7802795422140525	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31a000	0x3000	0x2200	d8b3906488934a96e26369fe759fd62a	False	0.06514246323529412	DOS executable (COM)	0.7308200688079916	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-25T00:17:49.858959+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.8	63147	1.1.1.1	53	UDP
2024-10-25T00:17:49.872393+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.8	53477	1.1.1.1	53	UDP
2024-10-25T00:17:49.888906+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.8	54877	1.1.1.1	53	UDP
2024-10-25T00:17:49.920615+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.8	53543	1.1.1.1	53	UDP
2024-10-25T00:17:49.932934+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.8	51630	1.1.1.1	53	UDP
2024-10-25T00:17:49.943340+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.8	61417	1.1.1.1	53	UDP
2024-10-25T00:17:49.955880+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.8	59316	1.1.1.1	53	UDP
2024-10-25T00:17:49.967929+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.8	63100	1.1.1.1	53	UDP
2024-10-25T00:17:51.773625+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.8	49704	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 00:17:49.995184898 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:49.995218039 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:49.995333910 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:49.998527050 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:49.998545885 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:50.899698973 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:50.899776936 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:50.904611111 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:50.904622078 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:50.905016899 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:50.955085039 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.190618038 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.231323004 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773668051 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773693085 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773746014 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773761034 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773786068 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773842096 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.773857117 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.773875952 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.773912907 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.896922112 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.896972895 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.897005081 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.897108078 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.897172928 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.920710087 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.920710087 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 25, 2024 00:17:51.920738935 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 25, 2024 00:17:51.920748949 CEST	443	49704	104.102.49.254	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 00:17:49.858958960 CEST	63147	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.868624926 CEST	53	63147	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.872392893 CEST	53477	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.882416964 CEST	53	53477	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.888906002 CEST	54877	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.898092985 CEST	53	54877	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.920614958 CEST	53543	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.930017948 CEST	53	53543	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.932934046 CEST	51630	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.942011118 CEST	53	51630	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.943340063 CEST	61417	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.954514027 CEST	53	61417	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.955879927 CEST	59316	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.965373993 CEST	53	59316	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.967928886 CEST	63100	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.977904081 CEST	53	63100	1.1.1.1	192.168.2.8
Oct 25, 2024 00:17:49.982291937 CEST	58071	53	192.168.2.8	1.1.1.1
Oct 25, 2024 00:17:49.990505934 CEST	53	58071	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 00:17:49.858958960 CEST	192.168.2.8	1.1.1.1	0xb457	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.872392893 CEST	192.168.2.8	1.1.1.1	0x658d	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.888906002 CEST	192.168.2.8	1.1.1.1	0x6a32	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.920614958 CEST	192.168.2.8	1.1.1.1	0x910e	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.932934046 CEST	192.168.2.8	1.1.1.1	0xa85	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.943340063 CEST	192.168.2.8	1.1.1.1	0x67c9	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.955879927 CEST	192.168.2.8	1.1.1.1	0x5110	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.967928886 CEST	192.168.2.8	1.1.1.1	0xc766	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.982291937 CEST	192.168.2.8	1.1.1.1	0x374d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 00:17:49.868624926 CEST	1.1.1.1	192.168.2.8	0xb457	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.882416964 CEST	1.1.1.1	192.168.2.8	0x658d	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.898092985 CEST	1.1.1.1	192.168.2.8	0x6a32	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.930017948 CEST	1.1.1.1	192.168.2.8	0x910e	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.942011118 CEST	1.1.1.1	192.168.2.8	0xa85	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.954514027 CEST	1.1.1.1	192.168.2.8	0x67c9	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.965373993 CEST	1.1.1.1	192.168.2.8	0x5110	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.977904081 CEST	1.1.1.1	192.168.2.8	0xc766	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 25, 2024 00:17:49.990505934 CEST	1.1.1.1	192.168.2.8	0x374d	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	104.102.49.254	443	2768	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-24 22:17:51 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-24 22:17:51 UTC	1917	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 24 Oct 2024 22:17:51 GMT Content-Length: 26105 Connection: close Set-Cookie: sessionid=f2d69d60a61e39e52afe89a6; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=None
2024-10-24 22:17:51 UTC	14467	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-24 22:17:51 UTC	11638	IN	Data Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J

Target ID:	0
Start time:	18:17:48
Start date:	24/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa80000
File size:	3'023'872 bytes
MD5 hash:	480C71144F234397FD4222635AB78B57
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	57.8%
Total number of Nodes:	45
Total number of Limit Nodes:	5

Executed Functions

Function 00AC50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00AC5182

Strings

<I$), xrefs: 00AC52E3
<I$), xrefs: 00AC5198
@^, xrefs: 00AC5120

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: <I$)$<I$)$@^
API String ID: 1029625771-935358343
Opcode ID: 304ad092c5000a6e9e40bad75dbfea395f9a2d74d2bc4457841df944e60e5030
Instruction ID: f14e6016bcc30a11c3e00ce52972332d6d24d5184192108902d2486c4e5c6ad8
Opcode Fuzzy Hash: 304ad092c5000a6e9e40bad75dbfea395f9a2d74d2bc4457841df944e60e5030
Instruction Fuzzy Hash: 1F21A1755093848FC700DFA8D880B6AB7E4AB5A300F69482CE1C6D7351D735D955CB56

Function 00A8FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

VY^_, xrefs: 00A8FDFF
J|BJ, xrefs: 00A9000D
V, xrefs: 00A8FEDC
t, xrefs: 00A8FCBE

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: d7e71158c22e05dee6f706f2552bc7684c1dd6eec3485d5c4e87bf8f48944a2a
Instruction ID: e3aafe6992af1aa19624f12ea820307cc2750853febab9e832eb9cd675da6ff1
Opcode Fuzzy Hash: d7e71158c22e05dee6f706f2552bc7684c1dd6eec3485d5c4e87bf8f48944a2a
Instruction Fuzzy Hash: 3BD1777460C3919FD710DF189590A1FBBE1AF96B84F28892CF5C98B252C336CD49DB92

Function 00A8D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00A8D2F0

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: afdeb73cda826c46a0a964980a7a87a3e61cc99bbe999f81653d2a4423e87ee0
Instruction ID: da659f87bd9aeeb86bbeec862969ec6d0fd0ebfffcb090e94a3a8a195fd40f2c
Opcode Fuzzy Hash: afdeb73cda826c46a0a964980a7a87a3e61cc99bbe999f81653d2a4423e87ee0
Instruction Fuzzy Hash: 8A41327080D380ABD701BB69D684E2EFBF5AF92744F148C1CE5C49B292D33AD8109B67

Function 00AC5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00AC973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00AC5BDE

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00AC695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 00AC69C5

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 656d23e3e59555f06d6e7c83ddd09a39d8ae91281847dc0afdc8f4bb9f17fa81
Instruction ID: 8593ba006eec75f237223259c42d83440656b9e44e01d475cf54068694dffe77
Opcode Fuzzy Hash: 656d23e3e59555f06d6e7c83ddd09a39d8ae91281847dc0afdc8f4bb9f17fa81
Instruction Fuzzy Hash: 7B318BB19183019FD718DF25C8A0B2BB7F1FF89384F58981DE5C697261E3349904CB56

Function 00A9049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce51e96c5af0b6577e8939522d2890984b99a59f3160826fd81404282e7d535
Instruction ID: 924c45952b4dcc7fe4044d747daa28098ea3741b0a79f1be602bfdb3a5e824e5
Opcode Fuzzy Hash: 2ce51e96c5af0b6577e8939522d2890984b99a59f3160826fd81404282e7d535
Instruction Fuzzy Hash: 23917A75200B00CFD724CF65E894E16B7F6FF89710B118A6DE8568BAA1D730E816CB50

Function 00A90228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1fc5f8a449fc72fda4bd57a3a647787dfc22b45f8617201fd0dda531b1a5d50
Instruction ID: 8c5c5d86deb6a2ddbc63992a0aa7eb26d01f581902149799c415af406b28897a
Opcode Fuzzy Hash: b1fc5f8a449fc72fda4bd57a3a647787dfc22b45f8617201fd0dda531b1a5d50
Instruction Fuzzy Hash: 70717874201B00DFD724CF65E894F26BBF6FF89710F11896DE8968BA62D731A816CB50

Function 00AC99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bbc21e44c4230c74d74fee71e50bc77b1e6cd7780f84098111d9121a61d4910
Instruction ID: 14fd28460a486de984039e30086f8342ea489ab50af4120e9b891ac4c415ed7b
Opcode Fuzzy Hash: 6bbc21e44c4230c74d74fee71e50bc77b1e6cd7780f84098111d9121a61d4910
Instruction Fuzzy Hash: A241BD34608300AFD714DB65E994F2BB7F6EB85754F26882CF58A97251D331EC02CB66

Function 00AC63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 52758abde5cb6a495f77bd463ad623ff49f1574eeedd60754ff22be5d2e82813
Instruction ID: 3a795b4902f74d7c3360941c066ed9709e04d2f24808d46b8e8843551860fbf1
Opcode Fuzzy Hash: 52758abde5cb6a495f77bd463ad623ff49f1574eeedd60754ff22be5d2e82813
Instruction Fuzzy Hash: 8631E470649301BBDA28DB14CE82F3AB7A5FB81B11F65891CF1826B2E1D370BC51CB56

Function 00A90EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d27543a36afcf0f65d5655e8f713718937db6acf37724dc939d8c0e42890302b
Instruction ID: 4310b986f5233fe19c031054749e500e15f4c3bfdd31094c7278abc9bc4d7256
Opcode Fuzzy Hash: d27543a36afcf0f65d5655e8f713718937db6acf37724dc939d8c0e42890302b
Instruction Fuzzy Hash: 6121F8B5A0121A9FDF15CF94CC90FBEBBB2FB4A304F144859E911BB292C735A911CB64

Function 00AC3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00AC32A6

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 1efe06add1564d44efad08f715884bc90fb3553bba7a4a8e2f2ece86bc61b660
Instruction ID: 45afb24e2187e74c764e89dbf73a6ed58d058ca5673de9fabb4e10e91f50e467
Opcode Fuzzy Hash: 1efe06add1564d44efad08f715884bc90fb3553bba7a4a8e2f2ece86bc61b660
Instruction Fuzzy Hash: 70014B3550E2409BCB01EB58E949E1ABBE8EF5A700F05891CE5C58B361D235DD60CB92

Function 00AC3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00AC3208

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 010a942777577d1535ca5e44f7cd724c39ba4537e3d959a71f280a380a672531
Instruction ID: 6977bfe5015784a3a7ddbb0d3bd96f5760bc82b730dc3175fe6b7d0332646c54
Opcode Fuzzy Hash: 010a942777577d1535ca5e44f7cd724c39ba4537e3d959a71f280a380a672531
Instruction Fuzzy Hash: 5CB012300400005FDA041B40EC0AF003610EB00605F800090A101140B1D1615865C554

Non-executed Functions

Function 00AB23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AB40EF
fedc, xrefs: 00AB2782
{l`~, xrefs: 00AB268C
mlc@, xrefs: 00AB275C
3<, xrefs: 00AB32D6
Cx, xrefs: 00AB453D
ggxz, xrefs: 00AB2685
|}&C, xrefs: 00AB2F21
:, xrefs: 00AB32DD
`tii, xrefs: 00AB2693
f@~!, xrefs: 00AB25FF
Wu, xrefs: 00AB344B, 00AB4861
aenQ, xrefs: 00AB276A

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$Wu
API String ID: 0-1419478863
Opcode ID: 1366882fe1702fd553c6c671f21206ffc3555e712830120b093fa4d009854ade
Instruction ID: 007fd5f6de5c1d71ae5004400824b1deeb5ee5eb04472c9ae684f469bb90e53e
Opcode Fuzzy Hash: 1366882fe1702fd553c6c671f21206ffc3555e712830120b093fa4d009854ade
Instruction Fuzzy Hash: 0F33AB70504B818FD7258F39C590BA2BBF5BF16304F58899DE4DA8BA93C735E806CB61

Function 00A9DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

T, xrefs: 00A9F157
mjkh, xrefs: 00A9E7D8
AR, xrefs: 00A9DD10
tsrq, xrefs: 00A9E6FC
xgfe, xrefs: 00A9E71D
@ONM, xrefs: 00A9E6DB
%*+(, xrefs: 00A9DE37, 00A9DE46
89>?, xrefs: 00A9E9F6
`onm, xrefs: 00A9E733
tuJK, xrefs: 00A9E967
<=2, xrefs: 00A9EA01
89&', xrefs: 00A9E93B
LKJI, xrefs: 00A9E6E6
`Y^_, xrefs: 00A9E99E
()./, xrefs: 00A9E9CA
DCBA, xrefs: 00A9E887, 00A9E896
WP, xrefs: 00A9DCEF
:WUE, xrefs: 00A9F6B7, 00A9F6C6
D, xrefs: 00A9E846
dcba, xrefs: 00A9E728
|, xrefs: 00A9ECB1
<=:;, xrefs: 00A9E930
lkji, xrefs: 00A9E73E
QNOL, xrefs: 00A9E775

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 094b2bbf1e2c7b3bf3c048c2047549c01dded858ecf5069a1f41c819c75125c3
Instruction ID: 398ab948ab058d6770017d522b86e76dfb9e3ecb38e11f88e84d6d163a1ae891
Opcode Fuzzy Hash: 094b2bbf1e2c7b3bf3c048c2047549c01dded858ecf5069a1f41c819c75125c3
Instruction Fuzzy Hash: B2F269B16093819FDB70CF14C484BABBBE6BFD5304F14482DE4C98B292DB359995CB92

Function 00AA9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

sm, xrefs: 00AAA830
kW, xrefs: 00AAA380
?m,o, xrefs: 00AAA13C
hi, xrefs: 00AAAB9D
/), xrefs: 00AAA66D
Gt, xrefs: 00AA9FF8
WH, xrefs: 00AAAA1C
S], xrefs: 00AAA636
N[, xrefs: 00AAA375
_Y, xrefs: 00AAA641
CG, xrefs: 00AAAA32
(a*c, xrefs: 00AAA147
=], xrefs: 00AAA36A
%e6g, xrefs: 00AAA152
WQ, xrefs: 00AAA62B
JG, xrefs: 00AAAA27
]{, xrefs: 00AAA1E7, 00AAA1F3

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 4e4200e2105f13edff77c6ae28ef9b13cf5c5605724e02176b9f1a444ae8929e
Instruction ID: afe3d3baf35d8cd8b160a5e68ca9158c39f9bd2c8cd0bd77aeb44d6242ea0a24
Opcode Fuzzy Hash: 4e4200e2105f13edff77c6ae28ef9b13cf5c5605724e02176b9f1a444ae8929e
Instruction Fuzzy Hash: 0652B6B414D3858AE270CF65D681B8EBAF1BB92740F608A1DE1ED9B255DB708045CF93

Function 00AA9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

B7U1, xrefs: 00AA9AFB
L3Y=, xrefs: 00AA9B03
O+f), xrefs: 00AA9634, 00AA963D
G'M!, xrefs: 00AA9ADB
!E4G, xrefs: 00AA9836
B?Q9, xrefs: 00AA9B0B
T#a-, xrefs: 00AA9AE3
,A&C, xrefs: 00AA982E
;IJK, xrefs: 00AA983E
pq, xrefs: 00AA99E0
2A"_, xrefs: 00AA9980
8;, xrefs: 00AA9B13
G+X5, xrefs: 00AA9AF3
X/R), xrefs: 00AA9AEB
?M0K, xrefs: 00AA9968
z=Q?, xrefs: 00AA9826

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 6f64f15a54ac0ce68185771f892efe05f602daec6e169108b876ae1621da656e
Instruction ID: f85d9d61b65675200190d47f8a922898540128f01bcbb4e857fd1f5bec02462a
Opcode Fuzzy Hash: 6f64f15a54ac0ce68185771f892efe05f602daec6e169108b876ae1621da656e
Instruction Fuzzy Hash: 31F13FB4508380ABD310DF55D981A2BBBF4FB8AB88F144D1CF4D59B292D334D909CBA6

Function 00AADD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

upH}, xrefs: 00AADE8A, 00AAE798, 00AADF4A
-M2O, xrefs: 00AAE25A
Y9N;, xrefs: 00AAE245
,Q?S, xrefs: 00AAE26F
<Y.[, xrefs: 00AAE27D
n\+H, xrefs: 00AADDC0
%*+(, xrefs: 00AAE143
{E, xrefs: 00AAE323
)IgK, xrefs: 00AAE261
hX]N, xrefs: 00AADDC7
=]+_, xrefs: 00AAE276

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: ccaa7ba76e44b10f6bcbac86b71422b2ec00ba8dd35776ab30708bfc734265de
Instruction ID: c3cacbbac5ad330714f30b634e4b4e985d30f36b28226e32c65ca33f6f0da448
Opcode Fuzzy Hash: ccaa7ba76e44b10f6bcbac86b71422b2ec00ba8dd35776ab30708bfc734265de
Instruction Fuzzy Hash: F892E671E01215CFDB14CFA8D8917AEBBB2FF4A310F298169E456AB391D7359D02CB90

Function 00AA098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AA0A77, 00AA0A86
qrqp, xrefs: 00AA1089
9.5^, xrefs: 00AA0F9F
{, xrefs: 00AA1502
&> &, xrefs: 00AA0F89
gce/, xrefs: 00AA1073
cah`, xrefs: 00AA107E
,#15, xrefs: 00AA0F94

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: af47beb62b75d2623202b880f95cb4decf4718249410f7a706c279d9ef5627f5
Instruction ID: 46100d410f75e62d9f1b0040d3ae981f8d3595f4ce66f12791b58d1694b8b993
Opcode Fuzzy Hash: af47beb62b75d2623202b880f95cb4decf4718249410f7a706c279d9ef5627f5
Instruction Fuzzy Hash: F762A7B56083818BD730DF14D891BABBBE1FF96314F08892DE49A8B681E3359945CB53

Function 00A81000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

-, xrefs: 00A821ED
gfff, xrefs: 00A822E1
0123456789ABCDEFXP, xrefs: 00A8157D, 00A815EB
gfff, xrefs: 00A82226
@, xrefs: 00A82C40
gfff, xrefs: 00A82297
0123456789abcdefxp, xrefs: 00A81587, 00A815F8

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: a5f333585ba06b723905d7b002e6742d5c5f1720f31fb3a98eb0c7816cc08e18
Instruction ID: 57d9e7ba8ecdd6d1312671b49262c344bcb58f9fcdcd280cf026f316f0b16851
Opcode Fuzzy Hash: a5f333585ba06b723905d7b002e6742d5c5f1720f31fb3a98eb0c7816cc08e18
Instruction Fuzzy Hash: 5AD2E3726083418FD718DF29C89436ABBE2AFD5314F188A2DE499CB391D774DD46CB82

Function 00C61991 Relevance: 10.3, Strings: 7, Instructions: 1582COMMON

Download Yara Rule

Strings

?S\, xrefs: 00C62373
J17', xrefs: 00C624CA
z5o, xrefs: 00C61DD0
Jg{, xrefs: 00C62C9B
>u{[, xrefs: 00C62047
cG+, xrefs: 00C62CA0
_~?7, xrefs: 00C6214C

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: >u{[$J17'$_~?7$cG+$z5o$?S\$Jg{
API String ID: 0-4057051289
Opcode ID: a122c4d318c0f7ab0b1cb3e2f480a6169eb860aa6a9dc7628e03feb9155de2d7
Instruction ID: 20b3f8d97a93d4d73a7c6365d411cb24055565eb8699d6300601f851397344f2
Opcode Fuzzy Hash: a122c4d318c0f7ab0b1cb3e2f480a6169eb860aa6a9dc7628e03feb9155de2d7
Instruction Fuzzy Hash: 4DB227F3A0C200AFE3086E2DDD8567ABBE9EF94720F1A493DE6C5C7744E63558058792

Function 00C4F197 Relevance: 9.1, Strings: 6, Instructions: 1624COMMON

Download Yara Rule

Strings

{-*, xrefs: 00C4F9BD
3+B, xrefs: 00C500DF
sb(W, xrefs: 00C5044D
x|?, xrefs: 00C4F6F8
"}?, xrefs: 00C4F245
D6/, xrefs: 00C4FCCE

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 3+B$D6/$sb(W$x|?${-*$"}?
API String ID: 0-2932941863
Opcode ID: 2db89d640072f031d29a746e000ffe8fab3f1a21a11bb619b31bdc72f0d71b60
Instruction ID: 460e55046f5a7d21e0c12ab5242419fbdd0c351c58b490b7d48d2543c1886ab9
Opcode Fuzzy Hash: 2db89d640072f031d29a746e000ffe8fab3f1a21a11bb619b31bdc72f0d71b60
Instruction Fuzzy Hash: 46B218F3A0C2049FE304AE2DEC8567ABBE5EF94720F1A463DE6C4C7744EA3558058697

Function 00C6697C Relevance: 9.1, Strings: 6, Instructions: 1609COMMON

Download Yara Rule

Strings

>p>o, xrefs: 00C675AE
WuXK, xrefs: 00C67CB1
'8_{, xrefs: 00C66BE3
8^o, xrefs: 00C67683
%q~z, xrefs: 00C66DDF
Cr, xrefs: 00C672E7

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %q~z$'8_{$>p>o$WuXK$Cr$8^o
API String ID: 0-4033925271
Opcode ID: 3ebca54293ec392161536add240d5a77a78a6f04ee3b13b8876223f8503e90bc
Instruction ID: 6d2ce35657d5f9e3157613190d9fb1db0575e8c8c6c5cf44e447339bf99b6f4a
Opcode Fuzzy Hash: 3ebca54293ec392161536add240d5a77a78a6f04ee3b13b8876223f8503e90bc
Instruction Fuzzy Hash: 6EB2F8F360C2049FE304AE2DEC8577ABBE5EF94720F1A453DE6C4C7744EA3598058696

Function 00C576C4 Relevance: 7.9, Strings: 5, Instructions: 1677COMMON

Download Yara Rule

Strings

l4{, xrefs: 00C58090
]Y&, xrefs: 00C58765
O#SM, xrefs: 00C580E2
'~_, xrefs: 00C580B7
S0m_, xrefs: 00C57A01

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: O#SM$S0m_$]Y&$'~_$l4{
API String ID: 0-928512367
Opcode ID: 16ba6516e48fdd5acfeaecde6285c0139dbb5e2cf0c4bb6472868121d71631ba
Instruction ID: 5f6472e8804383f159ea206aaa36a3b5021f35eea7948780f77fb8d0368505d4
Opcode Fuzzy Hash: 16ba6516e48fdd5acfeaecde6285c0139dbb5e2cf0c4bb6472868121d71631ba
Instruction Fuzzy Hash: 29B237F39082109FE3046E2DEC8577ABBE9EF94720F1A4A3DEAC4D7740E63558058796

Function 00C5C7FF Relevance: 7.9, Strings: 5, Instructions: 1624COMMON

Download Yara Rule

Strings

!PI_, xrefs: 00C5D57F
>V1, xrefs: 00C5D125
^Ro_, xrefs: 00C5D3BC
^z, xrefs: 00C5DB7B
tW7T, xrefs: 00C5D621, 00C5D65D, 00C5D69B, 00C5D729, 00C5D7A9

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: !PI_$>V1$^Ro_$tW7T$^z
API String ID: 0-1728179837
Opcode ID: c68b1bd9a361fa4e78313eef8552d0cef5e9430e3ca857b32c43ac1eaaccce9f
Instruction ID: da066ba2c4616f701a50ea2b91752297ea389d9df69841e2bf549cad4a3f855e
Opcode Fuzzy Hash: c68b1bd9a361fa4e78313eef8552d0cef5e9430e3ca857b32c43ac1eaaccce9f
Instruction Fuzzy Hash: 24B239F3A0C2049FE704AE2DEC8577ABBE9EF94720F16453DEAC5C7744EA3558048692

Function 00C5E3DA Relevance: 7.8, Strings: 5, Instructions: 1587COMMON

Download Yara Rule

Strings

`m;, xrefs: 00C5EEAA
vy=U, xrefs: 00C5E68B
0r5, xrefs: 00C5F5BD
y;\, xrefs: 00C5E8F6
8P]b, xrefs: 00C5E51B

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 0r5$8P]b$`m;$vy=U$y;\
API String ID: 0-3050933100
Opcode ID: 889e50708c5d493ccc74b86ede6425aeee8bcde867219a739ce7824e41f81517
Instruction ID: cf8ac8fc9f9b90d2b2b908ca4d9a5a27ad94aef302e900eef0fef3dcbc2b3e0b
Opcode Fuzzy Hash: 889e50708c5d493ccc74b86ede6425aeee8bcde867219a739ce7824e41f81517
Instruction Fuzzy Hash: 9AA229F3A0C2009FE704AE2DEC8567ABBE6EFD4320F1A493DE6C4C7744E63558058696

Function 00A812F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

@, xrefs: 00A83531
0, xrefs: 00A81DC1
0, xrefs: 00A81E88
0, xrefs: 00A8243E
i, xrefs: 00A828EA

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 3dde4e92011d443bf38784757d3a23d30fd0a34c8901d3fb1e3484e0dd03908d
Instruction ID: 707be819079ef8272ef890b9932bd70e7e6ded67e111138ebfdbe863c263f1ea
Opcode Fuzzy Hash: 3dde4e92011d443bf38784757d3a23d30fd0a34c8901d3fb1e3484e0dd03908d
Instruction Fuzzy Hash: 5862D07160C3818FD718EF28C49476ABBE1AFD5304F188A2DE8DA87291D774DD49CB82

Function 00A8164F Relevance: 6.7, Strings: 5, Instructions: 472COMMON

Download Yara Rule

Strings

gfff, xrefs: 00A81F3C
0123456789ABCDEFXP, xrefs: 00A8164F
+, xrefs: 00A81573
0123456789abcdefxp, xrefs: 00A81659
gfff, xrefs: 00A81F57

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-1123320326
Opcode ID: e1937dd5de9213eaeae4ab074e16847daf674b5fc563521e35f872b3f8a3b3dc
Instruction ID: 0d56a8e2275eb65fb422bdfdd7f9a44ca4902e53cbea6a825b3bde36478c9b88
Opcode Fuzzy Hash: e1937dd5de9213eaeae4ab074e16847daf674b5fc563521e35f872b3f8a3b3dc
Instruction Fuzzy Hash: 3BF1AD3160C3818FC719DF29C48436AFBE2ABD9304F188A6EE4D987352D734D949CB92

Function 00A813A3 Relevance: 6.6, Strings: 5, Instructions: 390COMMON

Download Yara Rule

Strings

gfff, xrefs: 00A81F3C
0123456789ABCDEFXP, xrefs: 00A813A3
0123456789abcdefxp, xrefs: 00A813AD
gfff, xrefs: 00A81F57
-, xrefs: 00A81F23

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
API String ID: 0-3620105454
Opcode ID: 437d959e40e8886f74d417a3a59fe70d968c79d70c9fa588dce99b03bd390789
Instruction ID: 726b81002ca65ca2376d82ce31845381b84d500c3bdbf72d1134b494b9bb5cd3
Opcode Fuzzy Hash: 437d959e40e8886f74d417a3a59fe70d968c79d70c9fa588dce99b03bd390789
Instruction Fuzzy Hash: B1D1AE7160D7818FC719DF29C48426AFBE2AFD9304F08CA6EE4D987352D634D949CB52

Function 00C607A0 Relevance: 5.8, Strings: 4, Instructions: 833COMMON

Download Yara Rule

Strings

08gr, xrefs: 00C60BA9
xg{, xrefs: 00C60E23
ln?, xrefs: 00C6098E
`?$?, xrefs: 00C61137

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: xg{$08gr$`?$?$ln?
API String ID: 0-1970283436
Opcode ID: 08fec900b724d09a1f59dfa0861b445af78e07113de2084ef14ff5ddbdfcfa98
Instruction ID: 1c5af4180e35e0467898e7a7bb4aa85ca035d5d85e91d208fd12fbb74eba821b
Opcode Fuzzy Hash: 08fec900b724d09a1f59dfa0861b445af78e07113de2084ef14ff5ddbdfcfa98
Instruction Fuzzy Hash: DC42F7F360C604AFE3046E2DEC8567ABBE9EF94220F164A3DE6C4C7744EA3558058797

Function 00AAFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

:, xrefs: 00AB0087
NA_I, xrefs: 00AB036D
uvw, xrefs: 00AAFE95
m1s3, xrefs: 00AAFEC3, 00AAFECB

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: dc0d6880ec58161c312c716f99148c204b37f191fe492ce0069887365910b4d8
Instruction ID: 09dde306f7346c75017296b7f9dc13de41544469ad9c06259fbb3b9913210695
Opcode Fuzzy Hash: dc0d6880ec58161c312c716f99148c204b37f191fe492ce0069887365910b4d8
Instruction Fuzzy Hash: 3A32A7B0909380DFD315DF68D880A6BBBE9AB8A340F144A2DF5D58B2A2D335D905CB52

Function 00A93BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

ss, xrefs: 00A93C79
;z, xrefs: 00A93C87
p, xrefs: 00A93C80
%*+(, xrefs: 00A93EC4

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: 2dbe4b98bf3fd5d7aed23229c028b67f411093325b5a47ef2636281bda5d7824
Instruction ID: d984b7021b5b671b0f525c0bc879461da8983c5d2b56a2567af8f4fb44b7824f
Opcode Fuzzy Hash: 2dbe4b98bf3fd5d7aed23229c028b67f411093325b5a47ef2636281bda5d7824
Instruction Fuzzy Hash: D9026DB4910700DFDB60EF25D986B56BFF1FB05300F50895DE89A8B695E330A815CBA2

Function 00C63452 Relevance: 5.4, Strings: 3, Instructions: 1647COMMON

Download Yara Rule

Strings

_#/, xrefs: 00C63D0B
D/ik, xrefs: 00C64278
5yz~, xrefs: 00C6392D

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 5yz~$D/ik$_#/
API String ID: 0-734046650
Opcode ID: 88e139bd1e6fba85373832a23c8c27d741f3f852b70e51163acfeeb3b3ee4667
Instruction ID: c9b78fc260b6690eb8e936eb03244b29f639708f3f0f15899d2e3a13ed4e7488
Opcode Fuzzy Hash: 88e139bd1e6fba85373832a23c8c27d741f3f852b70e51163acfeeb3b3ee4667
Instruction Fuzzy Hash: ECB206F360C6049FE304AE2DEC8567ABBE9EFD4320F16893DE6C5C3744E63598058696

Function 00AA2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

sj, xrefs: 00AA2327
lc, xrefs: 00AA2507
a|, xrefs: 00AA2317
hu, xrefs: 00AA232F

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: a1d875891d857dd17edcd3e1fa4e508f32e8253b3de7b8932e632c0ca575696b
Instruction ID: 6fc8a056009b241e2e7013e84361a9e7a57f73a3cbe5a48c649f2ebedaf0f9f1
Opcode Fuzzy Hash: a1d875891d857dd17edcd3e1fa4e508f32e8253b3de7b8932e632c0ca575696b
Instruction Fuzzy Hash: 1AA17B748083418BC720DF18C891B2BB7F0FF96754F589A0CE8D99B291E339D955CBA6

Function 00C50C61 Relevance: 5.4, Strings: 3, Instructions: 1633COMMON

Download Yara Rule

Strings

a%o, xrefs: 00C5106B
a%o, xrefs: 00C5104D
:&_, xrefs: 00C50E2C

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: :&_$a%o$a%o
API String ID: 0-1557382907
Opcode ID: 377f04b8553c655237b7b5d5224e2f103d4e421bfdd2d08823ba53479059f929
Instruction ID: 45953b774f8c14c34ec7f25bce593f7ffb9cb188496c1c10f52e66272d857902
Opcode Fuzzy Hash: 377f04b8553c655237b7b5d5224e2f103d4e421bfdd2d08823ba53479059f929
Instruction Fuzzy Hash: 23B208F360C2049FE304AE2DEC8567ABBE5EF94720F16893DEAC4C7744E63598058697

Function 00C59270 Relevance: 5.4, Strings: 3, Instructions: 1618COMMON

Download Yara Rule

Strings

k3?, xrefs: 00C59CF2
Q~[9, xrefs: 00C59B36
7(;, xrefs: 00C5A55E

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 7(;$Q~[9$k3?
API String ID: 0-1193522468
Opcode ID: 93019c30ea55b1688dd0577faef1fa3a6e558ca6def12c18727e1ac601e80c91
Instruction ID: 6555f809de62e02247ea2c3f4ec32e4632dee23fa6b2e6e0a109cb228ecfbb7e
Opcode Fuzzy Hash: 93019c30ea55b1688dd0577faef1fa3a6e558ca6def12c18727e1ac601e80c91
Instruction Fuzzy Hash: F9B2F4F360C2109FD304AE2DEC8567AFBE9EF98720F16493DEAC4C3744EA7558018696

Function 00AAD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

T>, xrefs: 00AAD984
#', xrefs: 00AAD9EA
KV, xrefs: 00AAD97D
CV, xrefs: 00AAD98B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 0dc11a9f9ea3347781497e5f0d28395ef2d4d28a776d5d3d9fbd2b637fcc32ce
Instruction ID: f622b162fbaab3dd923ee8ca649b7790b3fac089a6f5653bac742b246a224f71
Opcode Fuzzy Hash: 0dc11a9f9ea3347781497e5f0d28395ef2d4d28a776d5d3d9fbd2b637fcc32ce
Instruction Fuzzy Hash: 9D8155B48017459BDB20DFA5D2855AFBFB1FF16300F60460CE486ABA95C334AA55CFE2

Function 00AAAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 00AAACA9
lk, xrefs: 00AAACBC
,{*y, xrefs: 00AAAD07, 00AAAD13
(g6e, xrefs: 00AAACA1

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: cf62c8f68b1da61546436fbc0b21b49328ead47780ee929465d8dcd7a9ea2b1c
Instruction ID: 5d07252c0dd3d0060b975b401effb21bc470a748ab11958fa81348e3e917c321
Opcode Fuzzy Hash: cf62c8f68b1da61546436fbc0b21b49328ead47780ee929465d8dcd7a9ea2b1c
Instruction Fuzzy Hash: 8D4182B4409382CBD7209F20D900BABB7F0FF86305F54995EE5C997260EB32D945CB96

Function 00AAC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AAC8C3, 00AAC8CB
%*+(, xrefs: 00AAC9E4, 00AAC9ED
~/i!, xrefs: 00AAC537

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: d5c95260221309cd0f4e5de3b7a581e4ed7c0223d4677ac8edd48f5972fff2c7
Instruction ID: a3a3a536ac10b1c8779c9ba6056c6a3595e1c2f6297bc9fa7d2018efcd796d7f
Opcode Fuzzy Hash: d5c95260221309cd0f4e5de3b7a581e4ed7c0223d4677ac8edd48f5972fff2c7
Instruction Fuzzy Hash: 53E198B5909340EFE320DFA4D881B2BBBF5FB86354F44882DE58987291E735D811CB92

Function 00A88590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00A8860C
), xrefs: 00A88616
IEND, xrefs: 00A889F0

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: 7f76533d75984917e50c36cd762360c0b8ccbc1822cc904b518f249e35248c61
Instruction ID: a7d46939ead9f0dd7b7c44dce03da017d3364dcecf8120ae0902857e1f756e95
Opcode Fuzzy Hash: 7f76533d75984917e50c36cd762360c0b8ccbc1822cc904b518f249e35248c61
Instruction Fuzzy Hash: 5AE1E1B1A087029FE310EF28D88172AFBE1BF94314F54492DE59597381EB79E914CBD2

Function 00C55C35 Relevance: 4.1, Strings: 2, Instructions: 1604COMMON

Download Yara Rule

Strings

./x, xrefs: 00C56597
Ia], xrefs: 00C56C15

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: ./x$Ia]
API String ID: 0-2462016093
Opcode ID: 32da496d40fe5537b0bc46d5a6dde1387d5ca9988786eb54136888f6238cdf08
Instruction ID: 4a51482d5b1e185731c909983085f8f86f711a1668955816598ab9b1fdb042d6
Opcode Fuzzy Hash: 32da496d40fe5537b0bc46d5a6dde1387d5ca9988786eb54136888f6238cdf08
Instruction Fuzzy Hash: 3CB206F3A0C6009FE704AE2DEC8167ABBE5EF94720F16893DE6C4C7744E63598058697

Function 00B1FFFC Relevance: 3.9, Strings: 3, Instructions: 184COMMON

Download Yara Rule

Strings

0I?M, xrefs: 00B20026
zw, xrefs: 00B200D8
A#_, xrefs: 00B20082

Memory Dump Source

Source File: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 0I?M$A#_$zw
API String ID: 0-1739366643
Opcode ID: 7c4538eb51f0e000f40bf225b67327f8fca4dfb6b8ddacfae37c2d8a5813f1ef
Instruction ID: 7f06c4686026026445e7d0cc2f6c6a27d69f3513bcb4b4449ce749908b3354fa
Opcode Fuzzy Hash: 7c4538eb51f0e000f40bf225b67327f8fca4dfb6b8ddacfae37c2d8a5813f1ef
Instruction Fuzzy Hash: 0E5136F3E096145BE7086E2DEC2537AB7DAEFE0760F1B453DDA8683784E975490182C2

Function 00C54556 Relevance: 3.8, Strings: 2, Instructions: 1329COMMON

Download Yara Rule

Strings

j9., xrefs: 00C54A52
xM=, xrefs: 00C54975

Memory Dump Source

Source File: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: j9.$xM=
API String ID: 0-423779432
Opcode ID: 0c5a3d866ac5e3854edc27c19e569f7d05e89b16514f8f11e0c0840b11d951e2
Instruction ID: fcabccf29ebac79d9664d04b03f852b660853949ebf77e947ac107d66989afe5
Opcode Fuzzy Hash: 0c5a3d866ac5e3854edc27c19e569f7d05e89b16514f8f11e0c0840b11d951e2
Instruction Fuzzy Hash: B29207F360C204AFE3046E29EC8567AFBE9EFD4720F168A3DE6C483744E63558058697

Function 00AC4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC40A4, 00AC40AD
f, xrefs: 00AC420C

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 7e454c422a1fe5460fb2b3eb7f5df30e35f98fb4342b8501244589d33270b6e2
Instruction ID: 99de6d7f8bc0f25b369e05642a56c35359e9abbd5542525404fcc91fbdcd30fe
Opcode Fuzzy Hash: 7e454c422a1fe5460fb2b3eb7f5df30e35f98fb4342b8501244589d33270b6e2
Instruction Fuzzy Hash: 1B129B716083419FC714CF28C8A0F2ABBF2BB89314F198A2DF4D59B291D735E945CB96

Function 00ABF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

dg, xrefs: 00ABF7F5
hi, xrefs: 00ABF6E6

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 845aa84bc60760aff51fbb3a6231b3ca62aba6888a53812d0bf02d4efc5e563c
Instruction ID: a2bd6d50542b8e3ad850cb0b019a25a835fc51f40c10af991f0099c2092f18a4
Opcode Fuzzy Hash: 845aa84bc60760aff51fbb3a6231b3ca62aba6888a53812d0bf02d4efc5e563c
Instruction Fuzzy Hash: 9BF18371618341EFE704CF64D891B6ABBF6EB99344F188D2DF0868B2A2C735D945CB12

Function 00A835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 00A8360E
Inf, xrefs: 00A83607

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: a96352e4fa258c05b91129135dd48cdfb5b711b8ad19d79e4506251617c4f63a
Instruction ID: 035c3b5eecd6856fb89326065b0c7ca4b1b5e5d2b9ddb2885b4bfb528115d14e
Opcode Fuzzy Hash: a96352e4fa258c05b91129135dd48cdfb5b711b8ad19d79e4506251617c4f63a
Instruction Fuzzy Hash: C7D1D672A083119BCB08DF29C88061EFBE5EBC8B50F15893DF99997390E675DD058B82

Function 00A9FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 00AA00F6
BaBc, xrefs: 00AA0197

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 5c495a3398408b88a4d899f13cb63bb0a19c9df299c5bec98e97b25b5b8b88fb
Instruction ID: 0584e985dfa1609002c117b4f63a6133b81a54848347b1b1202dc3b881917718
Opcode Fuzzy Hash: 5c495a3398408b88a4d899f13cb63bb0a19c9df299c5bec98e97b25b5b8b88fb
Instruction Fuzzy Hash: 375189B16083818BD731DF18C881BABB7E0FF97360F19492DE49A8B691E3749944CB57

Function 00A85160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 00A854C8

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: c15d4aebe056cedfa328704b1a229789e3290a630df9baf01febe66908791450
Instruction ID: 06505d7787c404500f073ca89a8f2ad20194811dc16090b79a19900ecf84454f
Opcode Fuzzy Hash: c15d4aebe056cedfa328704b1a229789e3290a630df9baf01febe66908791450
Instruction Fuzzy Hash: 7122BFB6E08B428BE715AF38D940326BBA2AFA1314F1DC96DDC994B341E771DC49C742

Function 00AB12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 00AB15D1

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: a352eb43eeebf1d4b7aafd0fee418c9b3e2cd05a9624db4f0244fd287cea9cff
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: AEF10871A083415FC724CF24C4A06ABBBEAAFC5354F58C96DE89A8B383D634DD45C792

Function 00AAAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AAB2D3, 00AAB2DB

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 6c62b46fa64565a35d153d6518b3b9e27f00d6bc43e39c9fcde1ad0f045a5818
Instruction ID: a8cae4ae026cb0339563bcf0b8087b166c3ca59352ae5ad7cbe95eb9dcf5d24e
Opcode Fuzzy Hash: 6c62b46fa64565a35d153d6518b3b9e27f00d6bc43e39c9fcde1ad0f045a5818
Instruction Fuzzy Hash: F9E1DC71518306DBC714EF28C49056EB3F2FF9A781F54891CE4C6872A1E331E959CBA2

Function 00A96EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A96EF3

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5f6eb54b63cfb12d93f21fb623076c6f19f3f7c8c88d37579fd8bccfe7a961e6
Instruction ID: 4d72f253ebe55585c1f24fa83924ede525e66a2e65fa6afe7a258a477d4d526c
Opcode Fuzzy Hash: 5f6eb54b63cfb12d93f21fb623076c6f19f3f7c8c88d37579fd8bccfe7a961e6
Instruction Fuzzy Hash: 3EF18DB5A00B01CFCB24DF24D981A26B3F6FF48314B158A2DE49787AA1EB34F815CB51

Function 00AA7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AA8263, 00AA826B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 4f1bb1de5700747ddf132b937094556c2a52e81096cfc3e9d69edc574bd1c648
Instruction ID: f511251f0cad7b9f9d6dd53100707a088f1c5ae4d54f3a44ddddf02f426856f3
Opcode Fuzzy Hash: 4f1bb1de5700747ddf132b937094556c2a52e81096cfc3e9d69edc574bd1c648
Instruction Fuzzy Hash: 3BC19E71908200ABD711EB14CD82A2FB7F5EF96754F08891CF8C59B291E739ED15CBA2

Function 00AA8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AA9233, 00AA923B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b7a037cc21b4f89b60e7250bdbdee9abe4042c4bea9602e5073cf7a7f978c264
Instruction ID: 4b8377a4a4eb2153d39ba7aa61a48ba74ff0c32d3923e0f64ff2ec67dfad5a89
Opcode Fuzzy Hash: b7a037cc21b4f89b60e7250bdbdee9abe4042c4bea9602e5073cf7a7f978c264
Instruction Fuzzy Hash: 70D1CD70619302DFD704DFA8DC90B2AB7E6FF8A304F59886EE88687291D734E951CB51

Function 00AC7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00AC8167

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: a85ffea7b153fbe731cf85d391b581100bce74389cd7213e4447ca86ec539fdb
Instruction ID: b8bfef908bcc260d4f5cfcc89f974939cf1c7433e7c3371ba6dab19a39538b49
Opcode Fuzzy Hash: a85ffea7b153fbe731cf85d391b581100bce74389cd7213e4447ca86ec539fdb
Instruction Fuzzy Hash: 31D1D4729082658FC725CE189890B5EB7E1FB85718F168A3CE8B5AB380DB75DC46C7C1

Function 00AACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AACDC3, 00AACDCB

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: bc27126c810948894e5bea5723c60ef94d02f255bfc00b6f5c26ce43913b711e
Instruction ID: 5dcedefb80cc9d19d32693c706a643fcea6115fa92c2d22720a730140046b9aa
Opcode Fuzzy Hash: bc27126c810948894e5bea5723c60ef94d02f255bfc00b6f5c26ce43913b711e
Instruction Fuzzy Hash: 97B1D070A093019FE714DF64D880B2BBBE2EF96360F14492CE5C68B291E335D955CB92

Function 00A8A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 00A8A9C3

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: a17c4fa5bc1354185ce3f2a7f4cab73b3c8458d4fba7d9b04bd0d14d20238a06
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 3AB1287120C3819FD324DF28C88461BBBE1AFA9704F448A2DF5D997342D675EA18CB67

Function 00ABFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00ABFCA4, 00ABFCAD

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c0e285fb782897f3e9dbcab52d2397cf6bd00d06e2e702c14c3158e721afd446
Instruction ID: 2fd74f4d1541d27c5be303a90f0c6c65266c338f9429d32a74c5b2e1cd1957ac
Opcode Fuzzy Hash: c0e285fb782897f3e9dbcab52d2397cf6bd00d06e2e702c14c3158e721afd446
Instruction Fuzzy Hash: 7981BC71609300AFD710DFA8DD84B6AB7E9FB99705F188C2DF18587252E731E815CB62

Function 00A9D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A9D663, 00A9D66B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e59c358b230bc13f90feb496a8d5fe8edd290331296a9e719808be9ca5f989d0
Instruction ID: 6a469c55c2ba6d0ff12d5dbed53e68fb1db43a432c715deaaff218c335fe7257
Opcode Fuzzy Hash: e59c358b230bc13f90feb496a8d5fe8edd290331296a9e719808be9ca5f989d0
Instruction Fuzzy Hash: 1861F271A09204DBDB10EF58DC82A2AB3F1FF95354F09092DF98A8B251E335E951CB92

Function 00AC4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC4C33, 00AC4C3B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: bcd9fd1c3192ff6009bbcf7516149c63d0a52be9a8ccbc5c0463b5bcdfba5f6f
Instruction ID: d3ee69862c3ffdacc61faf150e5e33f422105089ba9972d22d291c0f4ed0ff0f
Opcode Fuzzy Hash: bcd9fd1c3192ff6009bbcf7516149c63d0a52be9a8ccbc5c0463b5bcdfba5f6f
Instruction Fuzzy Hash: F061E371A0D3019BD710DF65C8A0F2ABBE6EBC8314F2A891CE9C5872A1D731EC41CB59

Function 00B51C06 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

*;w, xrefs: 00B51D5F

Memory Dump Source

Source File: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: *;w
API String ID: 0-504418893
Opcode ID: df60bbdf514f3bb6897411315caef935ddab8a1e5dac8bba169d46beea200265
Instruction ID: f0d808cfa994ac8b3fbaa6424e62e8b9a714b7fa9d809f57d61abcd109cb6672
Opcode Fuzzy Hash: df60bbdf514f3bb6897411315caef935ddab8a1e5dac8bba169d46beea200265
Instruction Fuzzy Hash: B451C8F39082109BF314AE28EC4577AB7E5EB94724F1A893DDBC497780EA395C0587C6

Function 00A8E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 00A8E333

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 1d752078703a717ca83913722db2b260e3a407754b0bfb425b194b18759f7ed8
Instruction ID: dcefb9db7f3889e7e6852e4c2e0f534e9a54842c6485f2b2fe75d2437114b69d
Opcode Fuzzy Hash: 1d752078703a717ca83913722db2b260e3a407754b0bfb425b194b18759f7ed8
Instruction Fuzzy Hash: 93513737B196A08BD328EA7C4C552AA7AD74BE2334B3EC369E9F5CB3E1E5154C014390

Function 00AC3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC39E3, 00AC39EB

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 5c53358d83e7103453b1908cd0bc450fa546a332cf7ff6838818abb07cb65901
Instruction ID: b5377cc021cb1ddab5ef78fc946481d3850cd7255a970d0823b156523f682340
Opcode Fuzzy Hash: 5c53358d83e7103453b1908cd0bc450fa546a332cf7ff6838818abb07cb65901
Instruction Fuzzy Hash: F0517D326092409BCB24DF55D990F2EBBE5FB89784F15C81CE4C697251D772ED20CB62

Function 00B04CA8 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

9"_, xrefs: 00B04D8C

Memory Dump Source

Source File: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 9"_
API String ID: 0-3273129841
Opcode ID: 86ac311531a84575077d42092b9f33b43617533147a2b685c9bb111c7e5898f6
Instruction ID: 25f467109666b8a5b65a61e308a61a42b620e59cf0abf2e3f85d28a96171b8d4
Opcode Fuzzy Hash: 86ac311531a84575077d42092b9f33b43617533147a2b685c9bb111c7e5898f6
Instruction Fuzzy Hash: 29414AF3A083089FE7087D68DC9577AB7D9EF94720F0A463DDAC643B44E93568018697

Function 00A91BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00A91C3E

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 9f2dc8b4ff353c613c8588427874f7d60bc5d1d164eff2734099b5c42a83d269
Instruction ID: c97073e1a451ad018ede3dd43307e555ad0ff3085e63e318494398247b001b89
Opcode Fuzzy Hash: 9f2dc8b4ff353c613c8588427874f7d60bc5d1d164eff2734099b5c42a83d269
Instruction Fuzzy Hash: 424173B81083819BCB149F69D894A2FBBF0FF8A314F048A1CF5C69B290D736C915CB56

Function 00ABFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00AC0033, 00AC003B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a4f80f5d648850dc8fda2ff4864ed4dd985a3a87662df91a1cdea41cd024c295
Instruction ID: fcdcb1b2831bebdb631eb065ea6c4f20aa81705cd39b5b4a05fba4d7e523d2bf
Opcode Fuzzy Hash: a4f80f5d648850dc8fda2ff4864ed4dd985a3a87662df91a1cdea41cd024c295
Instruction Fuzzy Hash: AB31C3B5A08305EBD610EB68DD81F2BB7E9EB85748F56482CF88597252E231DC14C7A3

Function 00AAE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 00AAE6A2

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: fb5e5e27a538ebdc02e72e5b7e3f18df011655d716da1dea3b489c2ddd066f2c
Instruction ID: 9298994074dce02e5512b6660fc3b30b86be3f67fb2536da5b772fbf660085d3
Opcode Fuzzy Hash: fb5e5e27a538ebdc02e72e5b7e3f18df011655d716da1dea3b489c2ddd066f2c
Instruction Fuzzy Hash: 8D31E1B5A01204DFCB20DFD5E9905AFFBB5FB0A744F540829E446AB341D335AE05CBA2

Function 00A96F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00A9703B

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 68a3834734941833674cb92b569bd48742b845a2dce2ac64f7e3a090e681a346
Instruction ID: a6f425306f034b14add9adb198e2af4c5756157e903a67891175f4855c244023
Opcode Fuzzy Hash: 68a3834734941833674cb92b569bd48742b845a2dce2ac64f7e3a090e681a346
Instruction Fuzzy Hash: DD413575615B04DBDB25CB61DA94F2AB7F2FB09701F24891DE5869BAA1E331F8008B20

Function 00AAE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 00AAE6A2

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 4c6a07477ac5444d05aa5a6f8f26895d05b4f8a289d8603f2bdfc73fec4cddb8
Instruction ID: 49c885388e60c51a0c2648ea0a30d0d1d3b3d81d8e5b3e202309979f631fe584
Opcode Fuzzy Hash: 4c6a07477ac5444d05aa5a6f8f26895d05b4f8a289d8603f2bdfc73fec4cddb8
Instruction Fuzzy Hash: D021AEB1A01204DFC720DF95E9A0A6FBBB5BB1A744F54081DE446AB381C335AD41CBA2

Function 00AC9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00AC9D30

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 955adea7583ddf3388bbe42218463338320b52a5474b584e89d7359c1a48db27
Instruction ID: bcbcdc8c1beb629b527fb4f34ff57e902f10439e834c858a61b3b9566a326f22
Opcode Fuzzy Hash: 955adea7583ddf3388bbe42218463338320b52a5474b584e89d7359c1a48db27
Instruction Fuzzy Hash: 443186709093008BD310DF24D884A2BFBF9EF9A314F25892CE1C6A7251D335D904CBA6

Function 00A94E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c522c1cfbdcc5278d9a7a3b356a8e80f3ff682eff2906c2b017094bf5e657e44
Instruction ID: 4241c55816b2229e5aa0d47a74c96c1622306f7a6793ee47b7e7228a6932968a
Opcode Fuzzy Hash: c522c1cfbdcc5278d9a7a3b356a8e80f3ff682eff2906c2b017094bf5e657e44
Instruction Fuzzy Hash: 9B6259B0A00B009FDB26DF25D991B27B7F6AF49714F54892CD49B8BA52E734F804CB91

Function 00A8BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 344e0c2991675fa94084dda9327e88b561ee8cd48cdca4c8350fbbe1b54f57ed
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: C1521B319087118BC725AF18E4442BAF3E1FFD5329F258A3DD9C697281E734A851CF96

Function 00AC8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3da84669004d588cf3eb5dfdc856a10b06308ce25337dc206786e249161af18
Instruction ID: b81e34a21d4477963ebc55e7998ef6084ca2d01ecea57288cef84a015ef17c3a
Opcode Fuzzy Hash: d3da84669004d588cf3eb5dfdc856a10b06308ce25337dc206786e249161af18
Instruction Fuzzy Hash: 9F22AB35609341CFC704DFA8E890A2AB7F1FB89315F0A896EE5CA87351D735D951CB42

Function 00AC86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9810de83b342be5fd15c30db4781fd85a8a6b4884c0a87ce96d05f9b3c5913cd
Instruction ID: 6c68adab705cf13255d6c66f053d92661fdd40ce37f4084503708e958f87c5bf
Opcode Fuzzy Hash: 9810de83b342be5fd15c30db4781fd85a8a6b4884c0a87ce96d05f9b3c5913cd
Instruction Fuzzy Hash: F9229A35609341DFD704DFA8E890A2ABBF1FB8A305F0A896EE5CA87351D735D851CB42

Function 00A8B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82344ce6d1b6acdd9eec3a7b7dea349cb5bc6fd7c4056a342599c20b951fdfdc
Instruction ID: e066f1cb7e3cfe0ab1f2dd359fcfd1ce84cc8a8c238576a7620f1218afb892aa
Opcode Fuzzy Hash: 82344ce6d1b6acdd9eec3a7b7dea349cb5bc6fd7c4056a342599c20b951fdfdc
Instruction Fuzzy Hash: AB52E7B0918B848FE735EB24C4943A7BBE2EF95314F144C2DC5E706B82C779A885C761

Function 00A871F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458a69e1a144b4686bba4e958d890665586b0aa45550bb21e5f386d3b401ddf9
Instruction ID: c604523fbb82d9f7d5cbf4a93ac98289f1f0953771a59486d214a892b95a82c2
Opcode Fuzzy Hash: 458a69e1a144b4686bba4e958d890665586b0aa45550bb21e5f386d3b401ddf9
Instruction Fuzzy Hash: F552B03150C3458FCB19DF29C0806AEBBE1BF89314F298A6DE89A5B351D774D989CB81

Function 00A88FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbcf424f39e98244bbd7342b0c1ead0221f112422fd8c5fddf0e77f63c0b7bdc
Instruction ID: dd08a77e2b97936b09b02dfbf8ae7ae9ff4ac1fd03c6c19160c4378a9c76321f
Opcode Fuzzy Hash: bbcf424f39e98244bbd7342b0c1ead0221f112422fd8c5fddf0e77f63c0b7bdc
Instruction Fuzzy Hash: 82425775608341DFD708CF68D950B6ABBE1BF88315F0A886DE4858B391D736D986CF42

Function 00A87BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4575a97548d6bf0269f3eeffe68a861e45cad504ca40986d52556cba99a4f22
Instruction ID: b94281497752bc2d118054cdf24e6c723a7126e5c416ce454b5440c9ec243fcd
Opcode Fuzzy Hash: b4575a97548d6bf0269f3eeffe68a861e45cad504ca40986d52556cba99a4f22
Instruction Fuzzy Hash: 06320270514B118FC368EF29C59056ABBF2BF55710BA04A2ED6A787F90DB36F845CB10

Function 00AC89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7e9e7546b565daceca438ab2433fc479cf8a65cb9b453cc7731c8296c6c1914
Instruction ID: 03b54ab63a08ab9a90f9c8e2749417eec20e8ec9993d5e67232d64181894860c
Opcode Fuzzy Hash: b7e9e7546b565daceca438ab2433fc479cf8a65cb9b453cc7731c8296c6c1914
Instruction Fuzzy Hash: F5029A35609341DFC704DFA8E880A1AFBF5FB8A305F0A896EE5C687261C735D951CB92

Function 00AC8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e39bd10b4d88de57d53a67b853a3a88213e78784153146c9b9a0e1497bc9593
Instruction ID: d6f05a00d9e4ff0ef89f9d51b5086483f88575ccd2b24c1c2540326808bfa6be
Opcode Fuzzy Hash: 9e39bd10b4d88de57d53a67b853a3a88213e78784153146c9b9a0e1497bc9593
Instruction Fuzzy Hash: 9AF1793560D340DFC705DF68E880A2AFBF5AB8A305F09896DE4DA87251D736D911CB92

Function 00AC8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b8e85e267b3106efa98d8e376ee3423fe74f90e1fd19003f505d0752320afa5
Instruction ID: 9a1fd9418ccacd995205fe2155df708768a351c6e30f7426fd5bb08c201735ee
Opcode Fuzzy Hash: 9b8e85e267b3106efa98d8e376ee3423fe74f90e1fd19003f505d0752320afa5
Instruction Fuzzy Hash: F0E1AD35609340CFC704DF68E880A6AF7F5BB8A315F0A896DE4DA87351D736D911CB92

Function 00A8A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 5d1ee018c7c9d7bbf26fe06f7472bb91ae2c6a4c1d73533df5105cfd6db38e2c
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: BFF1AF756087418FD724DF29C88166BFBE6BFE8300F08882DE4D587751E639E945CB62

Function 00AC8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 413ed94244410d0256e6d8b549b2a54f250fc84e529796b3b761c24c5063b905
Instruction ID: acfda72b4e71f854546bc06875e4e11deeb7db2d93a43b1cefe854042e38d416
Opcode Fuzzy Hash: 413ed94244410d0256e6d8b549b2a54f250fc84e529796b3b761c24c5063b905
Instruction Fuzzy Hash: 79D1993460D280DFD705EF68D884A2AFBF5EB8A305F0A896DE4C687251D736D811CB92

Function 00A94487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f584872d1bd5cc1e3fd2b9fba5ca9f44328f91c5a570ef0aba0d3aa37713fd54
Instruction ID: 271d072c611d846f63ad9c47eea8a71c7a145f2fbce0dfc0d8b3d5d2fe223eca
Opcode Fuzzy Hash: f584872d1bd5cc1e3fd2b9fba5ca9f44328f91c5a570ef0aba0d3aa37713fd54
Instruction Fuzzy Hash: B4E10FB5601B008FD725CF28D992B97B7E1FF0A708F04886DE4AACB752E735B8158B54

Function 00AC6CBF Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6735e5af1d56d8f0ccc708ed468916ff2f1abe690286a1396380b93c7b3c7d28
Instruction ID: 1d7d01b4fc260fffae3e8b47d400d31a4c7c4d9d92cc62390c8c63a826e34bc9
Opcode Fuzzy Hash: 6735e5af1d56d8f0ccc708ed468916ff2f1abe690286a1396380b93c7b3c7d28
Instruction Fuzzy Hash: 36D1F336A1D751CFCB24CF78D88062AB7E2BB89314F094A6ED492C7391D334DA45CB91

Function 00AC7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6471a31e01aca4d2d5fe1e547ca1d996c86b4e7afa2acb3778ff5a08480c25f2
Instruction ID: b686a4182a2a1a5b2830485ac9b9f0678c80708909dcd0401cf0019f4a28472b
Opcode Fuzzy Hash: 6471a31e01aca4d2d5fe1e547ca1d996c86b4e7afa2acb3778ff5a08480c25f2
Instruction Fuzzy Hash: FBB10472A0C3508BE724DB69CC41B6FB7E5AFC4314F0A492DE99997391EA35DC048F92

Function 00A8AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 9609855b4d0a98b12c384a96336f4a694d73d02a19161eb5ef41f546eb46c486
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 0FC189B2A187418FC360DF28DC96BABB7E1FF85318F08492DD1D9C6242E778A155CB16

Function 00A96536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 534ebf07acfe5e08aee461a3aa2fd79772317cc4133be239fb7a3575125354b9
Instruction ID: 451d6789a698d48212926f85d4b848bfe5646f86fc4d7c2f29f04bca2542800a
Opcode Fuzzy Hash: 534ebf07acfe5e08aee461a3aa2fd79772317cc4133be239fb7a3575125354b9
Instruction Fuzzy Hash: 9AB110B4600B408FD7258F24CA81B67BBF1EF4A704F14885DE8AA8BA52E735F805CB54

Function 00AC7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 680b7028737082b140a37a9e8c4ecc7adcfd530bd78857f0275f48b4f38f8616
Instruction ID: 223b43f324b3435249c5b41f29e6a746c4d7d3443a45590e68f8c720f736f462
Opcode Fuzzy Hash: 680b7028737082b140a37a9e8c4ecc7adcfd530bd78857f0275f48b4f38f8616
Instruction Fuzzy Hash: 2B918A71A08301ABEB20DB64C881FAFBBE5FB85350F55881CF98597351E730E940CB92

Function 00ACA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584509b6c209880d79bd90c3b6a51cc405913e25dc7aa5ed530b2b755b76b0e0
Instruction ID: 23b0342ef68f184036c615e438cad4b4892eeedc5e02a4f1e0c6cc006b3bed52
Opcode Fuzzy Hash: 584509b6c209880d79bd90c3b6a51cc405913e25dc7aa5ed530b2b755b76b0e0
Instruction Fuzzy Hash: A1819C346097458FD724DF68C890F2AB7E5EF69748F16892CE4868B261E731EC11CB92

Function 00AB64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517d2a975b6395ec8a54b275cd4e648892b8c0030c7de7aaf873de0bb0e9b2d4
Instruction ID: ec24a6cb21eeb5287a2ee86946d3e373c7fbd79c205cc5f51c8f335887d2ec11
Opcode Fuzzy Hash: 517d2a975b6395ec8a54b275cd4e648892b8c0030c7de7aaf873de0bb0e9b2d4
Instruction Fuzzy Hash: A971E733B29A904BC3249D7C4C923E5AA975BE6334B3EC379E9B4CB3E6D52D48064350

Function 00AA28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9399db929d2ec430bd9f31915ba9550a1b2279352a1ae0e6830f32a0782bae2
Instruction ID: 245613225c6c0ea9e551676e7df0bde9778d235cba59d15544ff65a40bd72014
Opcode Fuzzy Hash: a9399db929d2ec430bd9f31915ba9550a1b2279352a1ae0e6830f32a0782bae2
Instruction Fuzzy Hash: 6B6167B44083509BD310AF59E891B2BBBF1EFA6750F08491DF4C58B2A1E379D921CB66

Function 00AA7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ad8f674620d66b517de1929fe654148280db28b0ae9b32ec4a84c6535f66d0
Instruction ID: c847b6b114b4f0ef1f787dd190b317741dcf01aef7281324d77df2efc7be6c4b
Opcode Fuzzy Hash: a9ad8f674620d66b517de1929fe654148280db28b0ae9b32ec4a84c6535f66d0
Instruction Fuzzy Hash: 2751ADB1608204ABDB20AF28CC92B7B73B5EF86764F144958F9868B2D1F375DC05CB61

Function 00B67D2A Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6757f099862cc4d5cce9c8a4a05d868afd346994fc20e23b98ede7fe8b842272
Instruction ID: 1e18e6e9bcbd65ca3e262b7f1cf3521cab69281803295230f6d0291734b3cabf
Opcode Fuzzy Hash: 6757f099862cc4d5cce9c8a4a05d868afd346994fc20e23b98ede7fe8b842272
Instruction Fuzzy Hash: FA71D6B3E082209BE3146E69DC8476ABBE5EF94360F1B453DDEC853784DA394C0587D6

Function 00AB1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 988801a232243cc149ca98e07b205aac058e9a8a9b5836b39ceb2cf3b1e8b4d9
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 7961D03160D341ABD714CF69C5A07AFBBEABBC5390FA4C92DE4898B352D270ED819741

Function 00AB82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 902d568f6cff8716f5b738e335a1e85c3f20be56cb074a36d1d90bfe673f43e9
Instruction ID: 1e2a1e7297483b167aea72ddd261510a47e250ba28dcacf9ce047458bf3dbcbc
Opcode Fuzzy Hash: 902d568f6cff8716f5b738e335a1e85c3f20be56cb074a36d1d90bfe673f43e9
Instruction Fuzzy Hash: 2E612633A5AA914BC3248A3C5C553E66A9F5BD2730F3EC365D8B58B3E6C96D4802D341

Function 00A942FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 975afe3188177693a53dae7cbf52a6aa5b53127994b9aea88f8fd02c06048d98
Instruction ID: 6fdf74c54e9a70d6fe5c0ea653173dd6ae2a7947869fbdf83f421ff4ea91e438
Opcode Fuzzy Hash: 975afe3188177693a53dae7cbf52a6aa5b53127994b9aea88f8fd02c06048d98
Instruction Fuzzy Hash: BD81E1B4810B00AFD360EF39DA47B57BEF4AB06201F504A1DE4EA97694E7306419CBE3

Function 00ABE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 9dbb9690e3b5e8079110cb7767e479d730dd72f0d18e4614a67218ff6dd2024a
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: 99518DB16083448FE314DF69D49439BBBE5BBC5318F044E2DE4E983351E379DA088B82

Function 00C3F9CC Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 412500b6f60e5cd0f4edfbb0439afd0ab939fdeda508c185c1ed725ace7fb459
Instruction ID: 18f696421ccc542f0ffaf12e72abb70f3440c47ffa201750817185bd1c0cd695
Opcode Fuzzy Hash: 412500b6f60e5cd0f4edfbb0439afd0ab939fdeda508c185c1ed725ace7fb459
Instruction Fuzzy Hash: 8F5172B3F5062547F3604D29DC983A17693DB91324F2F82788F986BBC9D93E5D0A6384

Function 00AC7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28b554cedb491b6fdc9d0120756e9691a871fa365f8a3b8b23a6e4166457deb
Instruction ID: 7efe75a496b192fb6c436a22bae5cc0ca84c27c39be3e457f3693897aecf0600
Opcode Fuzzy Hash: c28b554cedb491b6fdc9d0120756e9691a871fa365f8a3b8b23a6e4166457deb
Instruction Fuzzy Hash: 3751E23160D214ABC7159F18CC90F2EB7E6FB85354F2A8A2CE8E657391D631EC118B91

Function 00A85A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 545c8cf8b5eaf3d0757681190385acc0d5c40ce3b28b3dcf089d25496fe5d375
Instruction ID: 93786997b5611e70600aaff3982801e6039754ebfb64ac2a74f9304c82484390
Opcode Fuzzy Hash: 545c8cf8b5eaf3d0757681190385acc0d5c40ce3b28b3dcf089d25496fe5d375
Instruction Fuzzy Hash: CA51D2B5E047049FC714EF24D884926B7A1FF89364F15466CFC9A9B352D631EC42CB92

Function 00AAEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf510286f4686f0202b1b410ccaaf78bf85093924531177f5735d6eadd4a305
Instruction ID: 97629b0ced7341e3902c3edfa18f4f8c4daa9d4b2ed9efeac64312dd40f3dc9b
Opcode Fuzzy Hash: 2cf510286f4686f0202b1b410ccaaf78bf85093924531177f5735d6eadd4a305
Instruction Fuzzy Hash: 24419D78900315DBDF20CF94DC91BAAB7B0FF0A350F144549E945AB3A1EB38A951CBA1

Function 00AC9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55cfe57e06e3430f279a4ef95c4343b07ce96f86a8435be2e17876ddb58a871b
Instruction ID: e56d3d2e36735eba92d5ac6dac07cf927b200e5ae840bb882f50794e2fa9e0cd
Opcode Fuzzy Hash: 55cfe57e06e3430f279a4ef95c4343b07ce96f86a8435be2e17876ddb58a871b
Instruction Fuzzy Hash: 11419B3460C300AFD710DB65D994F2BBBE6EB85714F26882CF58A9B251D331EC01CBA2

Function 00A92030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a053c7c032b73cbd9cf2e48231e99f12a293b0ec25e6fcd31c89aaa2254ad80
Instruction ID: 136d617c0c953e3e607191c819a6d6f88379aae07d127e7a10c61a89911bf44b
Opcode Fuzzy Hash: 2a053c7c032b73cbd9cf2e48231e99f12a293b0ec25e6fcd31c89aaa2254ad80
Instruction Fuzzy Hash: CF411632B083215FD75CCF2A849473ABBE2ABC5310F09822EE4DA8B3D4DA748D45D781

Function 00A91E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d87e775b0e8c02496acbfdd4f2073bdb93b08af5eee2165b2988fd102940859
Instruction ID: 1ac50cac3db858523f8c0ed547125a33d4a8d626888a7da4f418caaf1f8ba406
Opcode Fuzzy Hash: 0d87e775b0e8c02496acbfdd4f2073bdb93b08af5eee2165b2988fd102940859
Instruction Fuzzy Hash: 4C41F074608380ABD720AB59C884B2EFBF5FB8A744F144D1DF6C497292C376E8148F66

Function 00AC8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd7c00008fc354ce98d09b6e814dc5cc32e9a4a1c365622ef32f9257a58a09a3
Instruction ID: 615119c5a6af6bce5a3b79fd4ba5ccbaf3f6d2187e36625d7284aeb563ead259
Opcode Fuzzy Hash: fd7c00008fc354ce98d09b6e814dc5cc32e9a4a1c365622ef32f9257a58a09a3
Instruction Fuzzy Hash: E441E53160C3548FC705DF68C490A2EFBE6AF99300F0A8A1DD4D6DB291CB78DD018B82

Function 00A9D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af13fb9592c2e8fabe291fec264748894c169914e4f95d4ced03dac121f6df0d
Instruction ID: 90448ff8a1bb986b341434bae998d59f5a4517d96dbfd99788965084c915e82c
Opcode Fuzzy Hash: af13fb9592c2e8fabe291fec264748894c169914e4f95d4ced03dac121f6df0d
Instruction Fuzzy Hash: 3641A9B16093818BD7309F14C881FABB7B0FFA63A4F040959E48A8BA91E7744981CB57

Function 00CC5C12 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7154a594e0ee0bde2819d7a3f9696f9ea43c6ee8da8be57bbd0c09b93c8f0f36
Instruction ID: 63c887dac44d99ca1b5f3d2dd6f873742325fb1e638f0de2855e66c42b5edcb5
Opcode Fuzzy Hash: 7154a594e0ee0bde2819d7a3f9696f9ea43c6ee8da8be57bbd0c09b93c8f0f36
Instruction Fuzzy Hash: D63124B391CB04CBE3002E16DD45F76B79AA798320F35052DE58756680F97A79C6A2C3

Function 00ABF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: d636999267563b5f2e37a44499967c2de48c38f4bb364b842690b13112557a4c
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: 54210A329081144BC324EB5DC88167BF7E8EB99704F0A863ED9C4A7296E3359C1487D1

Function 00AC67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109af1dd1e56277180bf3edc70fb2187ee53e73dffb19b78d0b0aa7bab87dc87
Instruction ID: 358853ae458ba78baa6b51c91067a1ab7075483903ae92f8a38184763737b4bc
Opcode Fuzzy Hash: 109af1dd1e56277180bf3edc70fb2187ee53e73dffb19b78d0b0aa7bab87dc87
Instruction Fuzzy Hash: A731437051C3829AE714CF14C4A0A2FBBF0EF96788F54580DF4C8AB261D338D985CB9A

Function 00AA5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3af81033b03dcb85599cea8ea9442e1c5b0a87f7ee75ce6b0b7cb0d55aa6074
Instruction ID: 59e7c3afb8119096510d92f2c9948b27a03a6adfac7a1473fae0f84070cad65a
Opcode Fuzzy Hash: a3af81033b03dcb85599cea8ea9442e1c5b0a87f7ee75ce6b0b7cb0d55aa6074
Instruction Fuzzy Hash: A2219CB0909201DBC320AF28C95192FB7F4EF92764F44891CF4D99B292E335CA00CBA7

Function 00A849A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: e0c32e6c3ec7c8da2f697f9da86ee3c44d3064fc78ab31f715cc0d79fa727ca0
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 5631CA31648212DFD714AF58D880A2BF7E1EF8C359F18892DE89A9B241D331DC52CB46

Function 00AC64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc925efec310739ff66e833dd82aa56a0810f053073a55c7d67b8240a1b0b760
Instruction ID: c44e1e77596dc41307882d80266096072ac62693d7cb03e9a828346882644f3a
Opcode Fuzzy Hash: dc925efec310739ff66e833dd82aa56a0810f053073a55c7d67b8240a1b0b760
Instruction Fuzzy Hash: 26216674A0C2409BC708EF59D690E2EFBF2FB85741F29881CE4C597361C334A851CB62

Function 00AC5700 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fe0f4dd981670826508064ba88a70c119d6422c452b09ed208953b5461034e6
Instruction ID: e433a65d5079af2632e2e0a706f178b00b153cbdb5d00d960f20454cbde5e6e9
Opcode Fuzzy Hash: 7fe0f4dd981670826508064ba88a70c119d6422c452b09ed208953b5461034e6
Instruction Fuzzy Hash: 84118C7591D240EBC701AF28E944E1BBBF5AF96710F06882CF4859B211D335E851CB93

Function 00ABB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: ada8b6001073bc98b9eff02651fee6ad9a33853a5460ab059bfeae56c0e73642
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 5D11E533A151D80EC3168E3C84505A5BFA71AA3234B598399F4F89B2D3D772CD8A9374

Function 00AB0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 7a7db72ae9a90b7b321c71eb6115066f8522e24f10a5c61dea4c4a51169ea134
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 9D0171F5A0030247EB20AF54A5D1F7BF2ADAF81B68F18452CE84657203EB76EC05C7A1

Function 00AAD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe2651a56405d6a3dc6ff3f768cd06b4c2c8610a82ad199a76ad5234a310a402
Instruction ID: dd26c6420cedf3cba5fc0ea990aab1bfd40e72ef27e1d6d02d95dcc67d3f1488
Opcode Fuzzy Hash: fe2651a56405d6a3dc6ff3f768cd06b4c2c8610a82ad199a76ad5234a310a402
Instruction Fuzzy Hash: D011DBB0408380AFD3109F618594A6FFBE5EBA6B14F148C0DE6A59B251C379E819CB56

Function 00A86EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71f95d5cd951cd931a48693845bdc26b0d82cf8b00f18a023a2436e562afa9e9
Instruction ID: 814a3dcf23e64313341109d4fa289d98e170ef8804aabac38ad30e234e6afdef
Opcode Fuzzy Hash: 71f95d5cd951cd931a48693845bdc26b0d82cf8b00f18a023a2436e562afa9e9
Instruction Fuzzy Hash: E9F0BB3AB292190B7610DEABE884837B396D7D9355F155538EA41D3201DE72EC065291

Function 00ABB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 00A9C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 00A9B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: aec13305b204b2dd632094b1c1115a8f07e2167000aae0e89e1542a8bc0c9b22
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: BFF0A7B571451067DF22CA95AC80B37BBDCCBC6354F190426E84557143D2A15845C3F5

Function 00AB8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648134df7972bde04b0c7b8bb812e259ce1c31cee60ba3a79c0a526c7b1285d7
Instruction ID: a30363824df953d3d5ad283f1632ab10bc09d458a61306d66d27eac05a55c5e6
Opcode Fuzzy Hash: 648134df7972bde04b0c7b8bb812e259ce1c31cee60ba3a79c0a526c7b1285d7
Instruction Fuzzy Hash: A201E4B44147009FC360EF29C445B47BBE8EB08714F014A1DE8AECB680D770A5448B82

Function 00AC1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 9fa767a59ac4c45a58aa288cfef3cba26ce62ad9df94d4dd96c989226a52ba45
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 32D0A775708321469F788F19A500E77F7F0EAC7B12F8A955EF586E3149D230DC41C2A9

Function 00A91ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2abb1f1403370f387039847095f276a8b5b9ab9c5a8c9bc1a1fbf4b5fdf5bf
Instruction ID: c73a04278097398b0e1e3df130dfc684c1f59224f659c2b4ba334ca2c4f0f8c1
Opcode Fuzzy Hash: 2d2abb1f1403370f387039847095f276a8b5b9ab9c5a8c9bc1a1fbf4b5fdf5bf
Instruction Fuzzy Hash: 14C08C34A6A0018FC208CF84FD95832BBF9A30B308740703ADA03F3721CA30C8078909

Function 00AC6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 626bc2376eb3fa9847d5ce22cf9c1da99c50692717a559c694944328dbf6f53c
Instruction ID: 7fcff9a93e89ab3f226e21318a00ab314e0a1ea24a2e9dafa064a01264c6b4ee
Opcode Fuzzy Hash: 626bc2376eb3fa9847d5ce22cf9c1da99c50692717a559c694944328dbf6f53c
Instruction Fuzzy Hash: F8C09B35A5D00497970CCF54D951975F3769B9771C724B01FD80723255C134D913D95D

Function 00A91A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c109670c8e606d75eb4cdfd79f56af09793ef918bd3a0a3be24187754fb00d3
Instruction ID: db242654e4332b7e92c62db770e9302e814406f501b7e1e0499726bb191562d1
Opcode Fuzzy Hash: 7c109670c8e606d75eb4cdfd79f56af09793ef918bd3a0a3be24187754fb00d3
Instruction Fuzzy Hash: 0FC09B34BA9041CFC64CCFCAE9D1831A7FD5307208711303A9B03F7761C560D4068509

Function 00AC5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1524242757.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Offset: 00A80000, based on PE: true

Associated: 00000000.00000002.1524134661.0000000000A80000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524284765.0000000000AE0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524300986.0000000000AEC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524396059.0000000000C4D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524413026.0000000000C4F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C68000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524432247.0000000000C73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524462345.0000000000C76000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524478512.0000000000C77000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524494258.0000000000C79000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524510309.0000000000C7F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524526672.0000000000C89000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524541374.0000000000C8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524562107.0000000000CA6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524577307.0000000000CA7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524592982.0000000000CA8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524610251.0000000000CB8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524632667.0000000000CCE000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524650162.0000000000CD5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524666385.0000000000CD6000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524694747.0000000000CDE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524711934.0000000000CE7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524733712.0000000000CE8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524750776.0000000000CE9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524767844.0000000000CEC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524785798.0000000000CF5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524804281.0000000000CFA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524820535.0000000000CFB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524835299.0000000000CFC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524852331.0000000000CFD000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524868546.0000000000D02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524884757.0000000000D0A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524900939.0000000000D0D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524918239.0000000000D14000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524933008.0000000000D53000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1524984792.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525000370.0000000000D84000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D85000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525015668.0000000000D8B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525047656.0000000000D99000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1525061912.0000000000D9A000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a80000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f7266f18cc69ca89708af9e56575f1404e39f7343eadc6ae3034bacea620ae
Instruction ID: 6e9bffbbe3f7eb4d33850ba03694c70eaf63fc7497810f7904202e50ae69f7aa
Opcode Fuzzy Hash: 98f7266f18cc69ca89708af9e56575f1404e39f7343eadc6ae3034bacea620ae
Instruction Fuzzy Hash: B7C09225B6A000ABAB4CCF58DD51935F3BA9B8BA1CB14B02FC807A3256D134D913860D

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 00AC50FA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63
libraryCOMMON

Function 00A8FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 00A8D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00AC5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00AC695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 00A9049B Relevance: .3, Instructions: 264
COMMON

Function 00A90228 Relevance: .2, Instructions: 218
COMMON

Function 00AC3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 00AC3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON