Edit tour

Windows Analysis Report
HJVzgKyC0y.exe

Overview

General Information

Sample name:	HJVzgKyC0y.exe renamed because original name is a hash value
Original sample name:	787c063e49255e491cf9424cdb48759c.exe
Analysis ID:	1580908
MD5:	787c063e49255e491cf9424cdb48759c
SHA1:	29e1b23611e1a461e00589549f67ccbb9341ff57
SHA256:	1ada1e291cea479ab3c219477bb63ef332b1e7506aa0d07bf5bd7daaca40afe7
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

HJVzgKyC0y.exe (PID: 1868 cmdline: "C:\Users\user\Desktop\HJVzgKyC0y.exe" MD5: 787C063E49255E491CF9424CDB48759C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["wordyfindy.lat", "manyrestro.lat", "tentabatte.lat", "talkynicer.lat", "shapestickyr.lat", "bashfulacid.lat", "curverpluch.lat", "observerfry.lat", "slipperyloo.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:35.712786+0100	2028371	3	Unknown Traffic	192.168.2.8	49705	23.55.153.106	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.841779+0100	2058480	1	Domain Observed Used for C2 Detected	192.168.2.8	63361	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.553800+0100	2058484	1	Domain Observed Used for C2 Detected	192.168.2.8	56918	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.130067+0100	2058492	1	Domain Observed Used for C2 Detected	192.168.2.8	49770	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.269557+0100	2058500	1	Domain Observed Used for C2 Detected	192.168.2.8	58680	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:32.981328+0100	2058502	1	Domain Observed Used for C2 Detected	192.168.2.8	64186	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.411346+0100	2058510	1	Domain Observed Used for C2 Detected	192.168.2.8	51175	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:33.700219+0100	2058512	1	Domain Observed Used for C2 Detected	192.168.2.8	53987	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:32.839688+0100	2058514	1	Domain Observed Used for C2 Detected	192.168.2.8	59525	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-26T13:03:36.578662+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.8	49705	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: HJVzgKyC0y.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://bashfulacid.lat:443/api	Avira URL Cloud: Label: malware
Source: https://talkynicer.lat:443/api	Avira URL Cloud: Label: malware
Source: https://wordyfindy.lat:443/api	Avira URL Cloud: Label: malware
Source: https://tentabatte.lat:443/api	Avira URL Cloud: Label: malware

Found malware configuration

Source: HJVzgKyC0y.exe.1868.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["wordyfindy.lat", "manyrestro.lat", "tentabatte.lat", "talkynicer.lat", "shapestickyr.lat", "bashfulacid.lat", "curverpluch.lat", "observerfry.lat", "slipperyloo.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: HJVzgKyC0y.exe	Virustotal: Detection: 52%			Perma Link
Source: HJVzgKyC0y.exe	ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: HJVzgKyC0y.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: bashfulacid.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: tentabatte.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: curverpluch.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: talkynicer.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: shapestickyr.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: manyrestro.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: slipperyloo.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: wordyfindy.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: observerfry.lat
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.1431386802.0000000005320000.00000004.00001000.00020000.00000000.sdmp	String decryptor: PsFKDg--pablo

Source: HJVzgKyC0y.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ebx	0_2_00AD8600
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00B11720
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFC09E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFC0E6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFE0DA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AF81CC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov eax, dword ptr [00B16130h]	0_2_00AE8169
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFC09E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00B06210
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AF83D8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AEC300
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00B10340
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_00AFC465
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFC465
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edi, ecx	0_2_00AFA5B6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AF8528
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00B106F0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov eax, ebx	0_2_00AEC8A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_00AEC8A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_00AEC8A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_00AEC8A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_00B0C830
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AF2830
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then push esi	0_2_00ADC805
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AFC850
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00B0C990
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AF89E9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00AFAAC0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_00B0CA40
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00AD8A50
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_00AEEB80
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ecx	0_2_00AE8B1B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_00ADAB40
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00AE4CA0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_00ADCC7A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00B0CDF0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_00B0CDF0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00B0CDF0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_00B0CDF0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_00B0EDC1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ecx	0_2_00AF6D2E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00B10D20
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00AD2EB0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AF2E6D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then jmp edx	0_2_00AF2E6D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00AF2E6D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AE6F52
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov esi, ecx	0_2_00AF90D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AFD116
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00B11160
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AFD17D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00AFB170
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00AD73D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00AD73D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFD34A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AE747D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_00AE747D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov eax, ebx	0_2_00AF7440
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00AF7440
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_00AEB57D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00AD9780
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then jmp edx	0_2_00AF37D6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then jmp eax	0_2_00AF9739
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00AF7740
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AED8AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AED8AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ecx	0_2_00AEB8F6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ecx	0_2_00AEB8F6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AED8D8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AED8D8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then jmp edx	0_2_00AF39B9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00AF39B9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AFB980
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then dec edx	0_2_00B0FA20
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AF1A10
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then dec edx	0_2_00B0FB10
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFDDFF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then dec edx	0_2_00B0FD70
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edx, ecx	0_2_00AF9E80
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00AFDE07
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then dec edx	0_2_00B0FE00
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00AF5F1B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 4x nop then mov ecx, eax	0_2_00AFBF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058500 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat) : 192.168.2.8:58680 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058502 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat) : 192.168.2.8:64186 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058512 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat) : 192.168.2.8:53987 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058514 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat) : 192.168.2.8:59525 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058492 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat) : 192.168.2.8:49770 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058480 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat) : 192.168.2.8:63361 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058510 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat) : 192.168.2.8:51175 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058484 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat) : 192.168.2.8:56918 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49705 -> 23.55.153.106:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: wordyfindy.lat
Source: Malware configuration extractor	URLs: manyrestro.lat
Source: Malware configuration extractor	URLs: tentabatte.lat
Source: Malware configuration extractor	URLs: talkynicer.lat
Source: Malware configuration extractor	URLs: shapestickyr.lat
Source: Malware configuration extractor	URLs: bashfulacid.lat
Source: Malware configuration extractor	URLs: curverpluch.lat
Source: Malware configuration extractor	URLs: observerfry.lat
Source: Malware configuration extractor	URLs: slipperyloo.lat

Source: Joe Sandbox View

IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 23.55.153.106:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.f equals www.youtube.com (Youtube)
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=c35aebae02ee3edf0dcfc71d; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 26 Dec 2024 12:03:36 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: astly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: observerfry.lat
Source: global traffic	DNS traffic detected: DNS query: wordyfindy.lat
Source: global traffic	DNS traffic detected: DNS query: slipperyloo.lat
Source: global traffic	DNS traffic detected: DNS query: manyrestro.lat
Source: global traffic	DNS traffic detected: DNS query: shapestickyr.lat
Source: global traffic	DNS traffic detected: DNS query: talkynicer.lat
Source: global traffic	DNS traffic detected: DNS query: curverpluch.lat
Source: global traffic	DNS traffic detected: DNS query: tentabatte.lat
Source: global traffic	DNS traffic detected: DNS query: bashfulacid.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bashfulacid.lat:443/api
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.f
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://observerfry.lat:443/api
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014B8000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.00000000014BB000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1478049360.00000000014BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900p
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900q
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://talkynicer.lat:443/api
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tentabatte.lat:443/api
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wordyfindy.lat:443/api
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.8:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: HJVzgKyC0y.exe	Static PE information: section name:
Source: HJVzgKyC0y.exe	Static PE information: section name: .idata
Source: HJVzgKyC0y.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD8600	0_2_00AD8600
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADB100	0_2_00ADB100
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDC0B5	0_2_00BDC0B5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C140EA	0_2_00C140EA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5A098	0_2_00B5A098
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFC09E	0_2_00AFC09E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE20FF	0_2_00BE20FF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D	0_2_00CA008D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE60E9	0_2_00AE60E9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFC0E6	0_2_00AFC0E6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2C090	0_2_00C2C090
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C30094	0_2_00C30094
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C16098	0_2_00C16098
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFA0CA	0_2_00AFA0CA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B340D9	0_2_00B340D9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B740C7	0_2_00B740C7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B62035	0_2_00B62035
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAC03E	0_2_00BAC03E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD6038	0_2_00BD6038
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7C03D	0_2_00B7C03D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBC030	0_2_00BBC030
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0E05D	0_2_00C0E05D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B54055	0_2_00B54055
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9A041	0_2_00B9A041
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1803A	0_2_00C1803A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB81B7	0_2_00BB81B7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B601A6	0_2_00B601A6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4A193	0_2_00B4A193
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFE180	0_2_00AFE180
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B86182	0_2_00B86182
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3A189	0_2_00C3A189
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA61F6	0_2_00BA61F6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B581E9	0_2_00B581E9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1E19E	0_2_00C1E19E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF81CC	0_2_00AF81CC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C001AE	0_2_00C001AE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B381CB	0_2_00B381CB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B28135	0_2_00B28135
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC612C	0_2_00BC612C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCA122	0_2_00BCA122
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C08161	0_2_00C08161
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE8169	0_2_00AE8169
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7A17D	0_2_00B7A17D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFE175	0_2_00BFE175
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2E10E	0_2_00C2E10E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD6160	0_2_00AD6160
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4016D	0_2_00B4016D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B64168	0_2_00B64168
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA215E	0_2_00BA215E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA0153	0_2_00BA0153
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6815D	0_2_00B6815D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFC09E	0_2_00AFC09E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B42147	0_2_00B42147
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3813D	0_2_00C3813D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C322C0	0_2_00C322C0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3C2AC	0_2_00B3C2AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B322AC	0_2_00B322AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAE285	0_2_00BAE285
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B362F4	0_2_00B362F4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFA2EE	0_2_00BFA2EE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C26296	0_2_00C26296
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B782E0	0_2_00B782E0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCC2E7	0_2_00BCC2E7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C102AC	0_2_00C102AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF42D0	0_2_00AF42D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8E231	0_2_00B8E231
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEE220	0_2_00AEE220
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5E213	0_2_00B5E213
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C04266	0_2_00C04266
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEE210	0_2_00BEE210
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8C20E	0_2_00B8C20E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7E20E	0_2_00B7E20E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B94277	0_2_00B94277
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD4270	0_2_00AD4270
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B98264	0_2_00B98264
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF2258	0_2_00BF2258
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2423A	0_2_00C2423A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCE247	0_2_00BCE247
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2823E	0_2_00C2823E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFC241	0_2_00BFC241
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE03BF	0_2_00BE03BF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE23BD	0_2_00BE23BD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B503A2	0_2_00B503A2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C043E7	0_2_00C043E7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAC390	0_2_00BAC390
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD2396	0_2_00BD2396
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5C39B	0_2_00B5C39B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B58385	0_2_00B58385
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6C386	0_2_00B6C386
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C243F9	0_2_00C243F9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA03FA	0_2_00BA03FA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFE3FF	0_2_00BFE3FF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5A3F4	0_2_00B5A3F4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBA3F9	0_2_00BBA3F9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3038F	0_2_00C3038F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B743D6	0_2_00B743D6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B663D1	0_2_00B663D1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4E3C4	0_2_00B4E3C4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF83D8	0_2_00AF83D8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B863C2	0_2_00B863C2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B443CB	0_2_00B443CB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF0329	0_2_00BF0329
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0235E	0_2_00C0235E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C34361	0_2_00C34361
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB0309	0_2_00BB0309
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDE30E	0_2_00BDE30E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA4305	0_2_00BA4305
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEC37A	0_2_00BEC37A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC0377	0_2_00BC0377
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B96363	0_2_00B96363
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE4361	0_2_00BE4361
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B46357	0_2_00B46357
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF6344	0_2_00BF6344
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA24BD	0_2_00BA24BD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC44B7	0_2_00BC44B7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C304DA	0_2_00C304DA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2048A	0_2_00C2048A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B864F4	0_2_00B864F4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF24E0	0_2_00AF24E0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEC4EC	0_2_00BEC4EC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2E497	0_2_00C2E497
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B644E1	0_2_00B644E1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0E49A	0_2_00C0E49A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF04C6	0_2_00AF04C6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C344AE	0_2_00C344AE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8443F	0_2_00B8443F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDC423	0_2_00BDC423
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFC40A	0_2_00BFC40A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7C476	0_2_00B7C476
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF4476	0_2_00BF4476
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC8477	0_2_00BC8477
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B10460	0_2_00B10460
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDE466	0_2_00BDE466
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6E45C	0_2_00B6E45C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0A440	0_2_00B0A440
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2A430	0_2_00C2A430
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0C5A0	0_2_00B0C5A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDA5AB	0_2_00BDA5AB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAE5A2	0_2_00BAE5A2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B525AA	0_2_00B525AA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B32593	0_2_00B32593
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3459B	0_2_00B3459B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C285F2	0_2_00C285F2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFA58E	0_2_00BFA58E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD6582	0_2_00BD6582
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1E584	0_2_00C1E584
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8E5E8	0_2_00B8E5E8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC25E5	0_2_00BC25E5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9E5E2	0_2_00B9E5E2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1459A	0_2_00C1459A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD65F0	0_2_00AD65F0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0A5D4	0_2_00B0A5D4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B945D4	0_2_00B945D4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2A5B1	0_2_00C2A5B1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3A5B0	0_2_00C3A5B0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1C54E	0_2_00C1C54E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFC53C	0_2_00AFC53C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8052C	0_2_00B8052C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2455B	0_2_00C2455B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4A529	0_2_00B4A529
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B76504	0_2_00B76504
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5E502	0_2_00B5E502
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B40573	0_2_00B40573
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA0571	0_2_00BA0571
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF2573	0_2_00BF2573
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF4560	0_2_00AF4560
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0850F	0_2_00C0850F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6256B	0_2_00B6256B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAA567	0_2_00BAA567
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B38555	0_2_00B38555
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C36529	0_2_00C36529
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5C55B	0_2_00B5C55B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0A6C4	0_2_00C0A6C4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1E6DA	0_2_00C1E6DA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD06A3	0_2_00BD06A3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADE687	0_2_00ADE687
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B90689	0_2_00B90689
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B56688	0_2_00B56688
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B106F0	0_2_00B106F0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF86EF	0_2_00BF86EF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAA6EB	0_2_00BAA6EB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C94695	0_2_00C94695
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B926C8	0_2_00B926C8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF46D0	0_2_00AF46D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1A64E	0_2_00C1A64E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCE627	0_2_00BCE627
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEE630	0_2_00AEE630
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5A62A	0_2_00B5A62A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3866B	0_2_00C3866B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B68604	0_2_00B68604
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF067E	0_2_00BF067E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8267D	0_2_00B8267D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B08650	0_2_00B08650
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4C65C	0_2_00B4C65C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD8657	0_2_00BD8657
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7264E	0_2_00B7264E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE47A5	0_2_00BE47A5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC478E	0_2_00BC478E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8C783	0_2_00B8C783
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C16785	0_2_00C16785
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB47DA	0_2_00BB47DA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C327A9	0_2_00C327A9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFE7D4	0_2_00BFE7D4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C227B4	0_2_00C227B4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C107B9	0_2_00C107B9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B767CD	0_2_00B767CD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9C72B	0_2_00B9C72B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B74721	0_2_00B74721
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFA723	0_2_00BFA723
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B36716	0_2_00B36716
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0C765	0_2_00C0C765
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7E700	0_2_00B7E700
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0470A	0_2_00C0470A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B96772	0_2_00B96772
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7A778	0_2_00B7A778
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDC76F	0_2_00BDC76F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C9C71E	0_2_00C9C71E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0071D	0_2_00C0071D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B48744	0_2_00B48744
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C34731	0_2_00C34731
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE2750	0_2_00AE2750
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B088B0	0_2_00B088B0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEC8A0	0_2_00AEC8A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C068D0	0_2_00C068D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE88A5	0_2_00BE88A5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB88A6	0_2_00BB88A6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE488E	0_2_00BE488E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C188FF	0_2_00C188FF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA88F8	0_2_00BA88F8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEC8FB	0_2_00BEC8FB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B848E1	0_2_00B848E1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2C898	0_2_00C2C898
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3E8EC	0_2_00B3E8EC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B508D5	0_2_00B508D5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBA8CC	0_2_00BBA8CC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD2827	0_2_00BD2827
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDE820	0_2_00BDE820
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B46814	0_2_00B46814
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB081A	0_2_00BB081A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4481D	0_2_00B4481D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2E870	0_2_00C2E870
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6080A	0_2_00B6080A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C20806	0_2_00C20806
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B36864	0_2_00B36864
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2481C	0_2_00C2481C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFC85E	0_2_00BFC85E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADC840	0_2_00ADC840
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD6853	0_2_00BD6853
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA284E	0_2_00BA284E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B78840	0_2_00B78840
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCE99B	0_2_00BCE99B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC298C	0_2_00BC298C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFC9EB	0_2_00AFC9EB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B109E0	0_2_00B109E0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C30996	0_2_00C30996
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB29E0	0_2_00BB29E0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAA9E7	0_2_00BAA9E7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C029A3	0_2_00C029A3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B709DB	0_2_00B709DB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCC9CB	0_2_00BCC9CB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B86918	0_2_00B86918
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7C903	0_2_00B7C903
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF6910	0_2_00AF6910
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B68970	0_2_00B68970
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3890A	0_2_00C3890A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEE960	0_2_00AEE960
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B80967	0_2_00B80967
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBC950	0_2_00BBC950
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C38AC0	0_2_00C38AC0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF8ABC	0_2_00AF8ABC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA0AA1	0_2_00BA0AA1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC6A98	0_2_00BC6A98
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B90A97	0_2_00B90A97
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4CA86	0_2_00B4CA86
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B66A89	0_2_00B66A89
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B88AF8	0_2_00B88AF8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C22A81	0_2_00C22A81
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBEAF6	0_2_00BBEAF6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B62AF8	0_2_00B62AF8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3AA9A	0_2_00C3AA9A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5AAEB	0_2_00B5AAEB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3EACB	0_2_00B3EACB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD8AC1	0_2_00BD8AC1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1CA41	0_2_00C1CA41
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1EA4D	0_2_00C1EA4D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5EA23	0_2_00B5EA23
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B82A23	0_2_00B82A23
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF0A1E	0_2_00BF0A1E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0AA6F	0_2_00C0AA6F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC4A0C	0_2_00BC4A0C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B58A79	0_2_00B58A79
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B54A78	0_2_00B54A78
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8EA63	0_2_00B8EA63
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0CA40	0_2_00B0CA40
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C34A39	0_2_00C34A39
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7EBB6	0_2_00B7EBB6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C04BC5	0_2_00C04BC5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD4BA0	0_2_00AD4BA0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3CB95	0_2_00B3CB95
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEEB80	0_2_00AEEB80
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6AB98	0_2_00B6AB98
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BACBED	0_2_00BACBED
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFCBE4	0_2_00BFCBE4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4CBD5	0_2_00B4CBD5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0CB51	0_2_00C0CB51
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD0B20	0_2_00BD0B20
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B84B1F	0_2_00B84B1F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B42B19	0_2_00B42B19
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE8B1B	0_2_00AE8B1B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7AB73	0_2_00B7AB73
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B76B70	0_2_00B76B70
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C16B0B	0_2_00C16B0B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEEB6C	0_2_00BEEB6C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C26B10	0_2_00C26B10
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB8B60	0_2_00BB8B60
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF6B63	0_2_00BF6B63
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDAB5A	0_2_00BDAB5A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADAB40	0_2_00ADAB40
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE4CA0	0_2_00AE4CA0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA4CD9	0_2_00CA4CD9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF0CA6	0_2_00BF0CA6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA4C89	0_2_00BA4C89
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B92C82	0_2_00B92C82
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C34CFD	0_2_00C34CFD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE2C81	0_2_00BE2C81
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C24C92	0_2_00C24C92
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C06C9B	0_2_00C06C9B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFECDB	0_2_00BFECDB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC0CD7	0_2_00BC0CD7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B50CC9	0_2_00B50CC9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2CCBD	0_2_00C2CCBD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCAC3B	0_2_00BCAC3B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3AC57	0_2_00C3AC57
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC4C14	0_2_00BC4C14
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB6C00	0_2_00BB6C00
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C10C03	0_2_00C10C03
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB0C71	0_2_00BB0C71
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C9AC12	0_2_00C9AC12
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C00C3A	0_2_00C00C3A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B30DBC	0_2_00B30DBC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBCDA4	0_2_00BBCDA4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCED88	0_2_00BCED88
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C38DF7	0_2_00C38DF7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B70D8F	0_2_00B70D8F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0CDF0	0_2_00B0CDF0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C02D89	0_2_00C02D89
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C26D8E	0_2_00C26D8E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF4DF1	0_2_00BF4DF1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0CD8E	0_2_00C0CD8E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF0DE8	0_2_00BF0DE8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B64DE9	0_2_00B64DE9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B60DD4	0_2_00B60DD4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C18DA3	0_2_00C18DA3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB2DDE	0_2_00BB2DDE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9ADD5	0_2_00B9ADD5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C12DAE	0_2_00C12DAE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA6DC7	0_2_00BA6DC7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF6D2E	0_2_00AF6D2E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5CD31	0_2_00B5CD31
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B10D20	0_2_00B10D20
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFAD2C	0_2_00BFAD2C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBAD22	0_2_00BBAD22
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C22D5D	0_2_00C22D5D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6CD14	0_2_00B6CD14
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B98D1B	0_2_00B98D1B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B84D15	0_2_00B84D15
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF6D03	0_2_00BF6D03
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C30D07	0_2_00C30D07
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B58D70	0_2_00B58D70
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAAD7D	0_2_00BAAD7D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B32D68	0_2_00B32D68
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFCD4C	0_2_00AFCD4C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE8D55	0_2_00BE8D55
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFCD5E	0_2_00AFCD5E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE0D47	0_2_00BE0D47
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B94EB0	0_2_00B94EB0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B08EA0	0_2_00B08EA0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AD2EB0	0_2_00AD2EB0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AEAEB0	0_2_00AEAEB0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8CE89	0_2_00B8CE89
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BEAEF8	0_2_00BEAEF8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BDEEF7	0_2_00BDEEF7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B70EE7	0_2_00B70EE7
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B82ED0	0_2_00B82ED0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA8EC2	0_2_00BA8EC2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BCCE1B	0_2_00BCCE1B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B54E03	0_2_00B54E03
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC0E0A	0_2_00BC0E0A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C14E00	0_2_00C14E00
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF2E6D	0_2_00AF2E6D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF0E6C	0_2_00AF0E6C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9EE7D	0_2_00B9EE7D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AFEE63	0_2_00AFEE63
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B38E63	0_2_00B38E63
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2AE25	0_2_00C2AE25
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADCE45	0_2_00ADCE45
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE6E54	0_2_00BE6E54
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBEFAA	0_2_00BBEFAA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B54FAC	0_2_00B54FAC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6AFFB	0_2_00B6AFFB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C26F8C	0_2_00C26F8C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0CF90	0_2_00C0CF90
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BC4FE3	0_2_00BC4FE3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBAFDF	0_2_00BBAFDF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9CFC5	0_2_00B9CFC5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB8F24	0_2_00BB8F24
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7AF11	0_2_00B7AF11
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B86F70	0_2_00B86F70
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD0F67	0_2_00BD0F67
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C32F19	0_2_00C32F19
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B66F55	0_2_00B66F55
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B90F50	0_2_00B90F50
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C16F2C	0_2_00C16F2C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE2F50	0_2_00BE2F50
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4CF43	0_2_00B4CF43
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE6F52	0_2_00AE6F52
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C050D6	0_2_00C050D6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9708E	0_2_00B9708E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3908A	0_2_00C3908A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2F090	0_2_00C2F090
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA10E2	0_2_00BA10E2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFD0DF	0_2_00BFD0DF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C330A1	0_2_00C330A1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B410DA	0_2_00B410DA
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B690CF	0_2_00B690CF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF70C3	0_2_00BF70C3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFF0C2	0_2_00BFF0C2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7F031	0_2_00B7F031
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B45033	0_2_00B45033
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B4903D	0_2_00B4903D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00ADD021	0_2_00ADD021
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C3B05B	0_2_00C3B05B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD7026	0_2_00BD7026
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AED003	0_2_00AED003
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B93009	0_2_00B93009
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B37009	0_2_00B37009
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B79073	0_2_00B79073
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1D00E	0_2_00C1D00E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C01018	0_2_00C01018
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BAF060	0_2_00BAF060
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA505A	0_2_00BA505A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD504D	0_2_00BD504D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AF91AE	0_2_00AF91AE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5D1B9	0_2_00B5D1B9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C2D1D0	0_2_00C2D1D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B351AC	0_2_00B351AC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BBD19E	0_2_00BBD19E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C311EC	0_2_00C311EC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B75186	0_2_00B75186
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B9B18B	0_2_00B9B18B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B65180	0_2_00B65180
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C191F8	0_2_00C191F8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B0F18B	0_2_00B0F18B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C15181	0_2_00C15181
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B451F0	0_2_00B451F0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B811ED	0_2_00B811ED
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE51EB	0_2_00BE51EB
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B991D9	0_2_00B991D9
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE11D1	0_2_00BE11D1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1B1B5	0_2_00C1B1B5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6F134	0_2_00B6F134
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C21155	0_2_00C21155
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B85123	0_2_00B85123
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C0B15E	0_2_00C0B15E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BE711B	0_2_00BE711B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B59100	0_2_00B59100
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD9107	0_2_00BD9107
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3917A	0_2_00B3917A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFB171	0_2_00BFB171
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B43160	0_2_00B43160
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8D16C	0_2_00B8D16C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C99110	0_2_00C99110
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB3162	0_2_00BB3162
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3316F	0_2_00B3316F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C23127	0_2_00C23127
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF914C	0_2_00BF914C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B392BF	0_2_00B392BF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C212CF	0_2_00C212CF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF3294	0_2_00BF3294
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B09280	0_2_00B09280
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BA9289	0_2_00BA9289
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BB52FD	0_2_00BB52FD
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3D2D0	0_2_00B3D2D0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C4D2B2	0_2_00C4D2B2
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B532CF	0_2_00B532CF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00AE1227	0_2_00AE1227
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C1F253	0_2_00C1F253
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B63220	0_2_00B63220
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BD5223	0_2_00BD5223
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B3120A	0_2_00B3120A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B7320C	0_2_00B7320C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BF1202	0_2_00BF1202
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00BFF257	0_2_00BFF257
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6925C	0_2_00B6925C
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C27228	0_2_00C27228
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5525A	0_2_00B5525A
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B5B3B1	0_2_00B5B3B1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00C233C8	0_2_00C233C8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B8B39F	0_2_00B8B39F
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B6739B	0_2_00B6739B

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: String function: 00AD7F60 appears 40 times
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: String function: 00AE4C90 appears 77 times

Source: HJVzgKyC0y.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: HJVzgKyC0y.exe	Static PE information: Section: ZLIB complexity 0.9995659722222222
Source: HJVzgKyC0y.exe	Static PE information: Section: ozaamdlu ZLIB complexity 0.994678026758982

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Code function: 0_2_00B02070 CoCreateInstance,

0_2_00B02070

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: HJVzgKyC0y.exe	Virustotal: Detection: 52%
Source: HJVzgKyC0y.exe	ReversingLabs: Detection: 63%

Source: HJVzgKyC0y.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

File read: C:\Users\user\Desktop\HJVzgKyC0y.exe

Jump to behavior

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Section loaded: dpapi.dll	Jump to behavior

Source: HJVzgKyC0y.exe

Static file information: File size 1882112 > 1048576

Source: HJVzgKyC0y.exe

Static PE information: Raw size of ozaamdlu is bigger than: 0x100000 < 0x1a1800

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Unpacked PE file: 0.2.HJVzgKyC0y.exe.ad0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ozaamdlu:EW;mbwkhvoz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ozaamdlu:EW;mbwkhvoz:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: HJVzgKyC0y.exe

Static PE information: real checksum: 0x1d4a95 should be: 0x1d47e6

Source: HJVzgKyC0y.exe	Static PE information: section name:
Source: HJVzgKyC0y.exe	Static PE information: section name: .idata
Source: HJVzgKyC0y.exe	Static PE information: section name:
Source: HJVzgKyC0y.exe	Static PE information: section name: ozaamdlu
Source: HJVzgKyC0y.exe	Static PE information: section name: mbwkhvoz
Source: HJVzgKyC0y.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00B2C0A7 push ecx; mov dword ptr [esp], 2C558400h	0_2_00B2C0A8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 79428948h; mov dword ptr [esp], ebx	0_2_00CA009B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 66CF4FAAh; mov dword ptr [esp], edi	0_2_00CA0161
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push eax; mov dword ptr [esp], esi	0_2_00CA01B6
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ebp; mov dword ptr [esp], edi	0_2_00CA01DE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ebx; mov dword ptr [esp], 75825E49h	0_2_00CA022D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edx; mov dword ptr [esp], ebp	0_2_00CA0263
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edx; mov dword ptr [esp], eax	0_2_00CA0267
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edx; mov dword ptr [esp], esi	0_2_00CA02B4
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 4B315484h; mov dword ptr [esp], edi	0_2_00CA02BC
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 22E5C59Ah; mov dword ptr [esp], edx	0_2_00CA02F1
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 61235E5Ah; mov dword ptr [esp], eax	0_2_00CA0329
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 01AD429Ah; mov dword ptr [esp], edx	0_2_00CA0331
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 1844A588h; mov dword ptr [esp], ebp	0_2_00CA0405
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 176CF1FBh; mov dword ptr [esp], ebp	0_2_00CA0419
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 4B5A58F0h; mov dword ptr [esp], edi	0_2_00CA0429
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 3668D07Ah; mov dword ptr [esp], edi	0_2_00CA046E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 32B881FEh; mov dword ptr [esp], edi	0_2_00CA04A0
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ebp; mov dword ptr [esp], 2F3F6099h	0_2_00CA04DE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push eax; mov dword ptr [esp], esp	0_2_00CA0532
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push eax; mov dword ptr [esp], ebx	0_2_00CA055E
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 2445BF77h; mov dword ptr [esp], eax	0_2_00CA056B
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edx; mov dword ptr [esp], eax	0_2_00CA05A5
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edi; mov dword ptr [esp], edx	0_2_00CA05E8
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ecx; mov dword ptr [esp], edx	0_2_00CA0649
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push edx; mov dword ptr [esp], esi	0_2_00CA0657
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 35F5A260h; mov dword ptr [esp], edx	0_2_00CA06DF
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ebx; mov dword ptr [esp], edi	0_2_00CA06E3
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push ecx; mov dword ptr [esp], 0B8932FCh	0_2_00CA073D
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push 06DE463Bh; mov dword ptr [esp], edx	0_2_00CA0762
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Code function: 0_2_00CA008D push eax; mov dword ptr [esp], edx	0_2_00CA0778

Source: HJVzgKyC0y.exe	Static PE information: section name: entropy: 7.979623614733888
Source: HJVzgKyC0y.exe	Static PE information: section name: ozaamdlu entropy: 7.952920492167746

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: C9F68F second address: C9F6C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F5CB0BB9D2Ch 0x0000000b jmp 00007F5CB0BB9D26h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F5CB0BB9D1Dh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA91B7 second address: CA91BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA91BB second address: CA91C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA91C3 second address: CA91C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA95FB second address: CA9626 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 jmp 00007F5CB0BB9D26h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 jnl 00007F5CB0BB9D1Eh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA976D second address: CA9777 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CA9777 second address: CA9793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D26h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD1B8 second address: CAD1DB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5CB0B526F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F5CB0B526FEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD1DB second address: CAD1E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD1E0 second address: CAD1E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD1E6 second address: CAD1EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD224 second address: CAD29B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 mov edx, edi 0x0000000a push 00000000h 0x0000000c cmc 0x0000000d push E07C324Eh 0x00000012 push edx 0x00000013 push eax 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 pop edx 0x00000018 add dword ptr [esp], 1F83CE32h 0x0000001f mov edx, dword ptr [ebp+122D2075h] 0x00000025 push 00000003h 0x00000027 xor ch, 00000078h 0x0000002a push 00000000h 0x0000002c mov edx, esi 0x0000002e push 00000003h 0x00000030 jmp 00007F5CB0B526FEh 0x00000035 push 70C1F60Ah 0x0000003a pushad 0x0000003b push eax 0x0000003c pushad 0x0000003d popad 0x0000003e pop eax 0x0000003f jmp 00007F5CB0B526FEh 0x00000044 popad 0x00000045 add dword ptr [esp], 4F3E09F6h 0x0000004c jns 00007F5CB0B526FAh 0x00000052 mov si, 8A7Ah 0x00000056 lea ebx, dword ptr [ebp+124580F8h] 0x0000005c movsx ecx, di 0x0000005f xchg eax, ebx 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 pushad 0x00000064 popad 0x00000065 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD29B second address: CAD2AA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F5CB0BB9D16h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD2AA second address: CAD2B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD345 second address: CAD356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD356 second address: CAD3D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 5E604DB9h 0x0000000f movsx esi, bx 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F5CB0B526F8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 mov edx, esi 0x00000032 push 00000003h 0x00000034 mov edx, dword ptr [ebp+122D3705h] 0x0000003a push 42BCD85Bh 0x0000003f push ecx 0x00000040 jmp 00007F5CB0B526FFh 0x00000045 pop ecx 0x00000046 add dword ptr [esp], 7D4327A5h 0x0000004d pushad 0x0000004e mov di, 4898h 0x00000052 add dword ptr [ebp+122D1E52h], edx 0x00000058 popad 0x00000059 lea ebx, dword ptr [ebp+12458101h] 0x0000005f mov dword ptr [ebp+122DB65Eh], eax 0x00000065 xor si, F9F2h 0x0000006a push eax 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f popad 0x00000070 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD3D8 second address: CAD3DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD498 second address: CAD4AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5CB0B526FFh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD4AF second address: CAD4D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F5CB0BB9D16h 0x00000009 jmp 00007F5CB0BB9D21h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD4D5 second address: CAD4FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F5CB0B52701h 0x0000000c pop ecx 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jp 00007F5CB0B526F6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD4FA second address: CAD50E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F5CB0BB9D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD50E second address: CAD562 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b pop eax 0x0000000c sub cl, 00000034h 0x0000000f push 00000003h 0x00000011 mov dl, 9Ch 0x00000013 push 00000000h 0x00000015 sub esi, dword ptr [ebp+122D2B1Fh] 0x0000001b push 00000003h 0x0000001d jng 00007F5CB0B526F6h 0x00000023 call 00007F5CB0B526F9h 0x00000028 jne 00007F5CB0B52702h 0x0000002e push eax 0x0000002f jg 00007F5CB0B5270Ah 0x00000035 pushad 0x00000036 jmp 00007F5CB0B526FCh 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD562 second address: CAD595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a jc 00007F5CB0BB9D18h 0x00000010 push esi 0x00000011 pop esi 0x00000012 jmp 00007F5CB0BB9D1Ah 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a jmp 00007F5CB0BB9D1Ah 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD595 second address: CAD599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD599 second address: CAD59F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD59F second address: CAD5D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52706h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov esi, dword ptr [ebp+122D346Dh] 0x00000010 lea ebx, dword ptr [ebp+1245810Ch] 0x00000016 mov dword ptr [ebp+124516C5h], ebx 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CAD5D3 second address: CAD5D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC415 second address: CCC41B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC41B second address: CCC425 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5CB0BB9D22h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC425 second address: CCC449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F5CB0B526F6h 0x0000000a jp 00007F5CB0B526F8h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 jmp 00007F5CB0B526FBh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC449 second address: CCC458 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5CB0BB9D16h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC458 second address: CCC462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCC87A second address: CCC893 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D1Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jns 00007F5CB0BB9D16h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCB7B second address: CCCB97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52705h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCB97 second address: CCCBCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D27h 0x00000009 jmp 00007F5CB0BB9D28h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCBCB second address: CCCBED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52704h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5CB0B526FAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCBED second address: CCCBF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCBF1 second address: CCCBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCCEAB second address: CCCEB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCD1AC second address: CCD1D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52708h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F5CB0B526FEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCD1D6 second address: CCD1DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCD7DA second address: CCD7EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5CB0B526FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCDF41 second address: CCDF66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5CB0BB9D16h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d jl 00007F5CB0BB9D28h 0x00000013 jmp 00007F5CB0BB9D22h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE0AE second address: CCE0B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE1CC second address: CCE1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F5CB0BB9D22h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE1D8 second address: CCE1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE1DE second address: CCE1E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE1E6 second address: CCE1F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jne 00007F5CB0B526F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCE501 second address: CCE505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CCFB18 second address: CCFB1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD5034 second address: CD504A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F5CB0BB9D18h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD9126 second address: CD912E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD912E second address: CD914C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D28h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD9403 second address: CD9408 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD9408 second address: CD9454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D22h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F5CB0BB9D1Fh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jc 00007F5CB0BB9D5Dh 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F5CB0BB9D28h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD9454 second address: CD9458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD9458 second address: CD946F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D23h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD971F second address: CD972C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CD972C second address: CD9734 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCE08 second address: CDCE0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCE0D second address: CDCE12 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCECE second address: CDCF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F5CB0B52704h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push ecx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d pop ecx 0x0000001e mov eax, dword ptr [eax] 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCF02 second address: CDCF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCF06 second address: CDCF1F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F5CB0B526FCh 0x00000013 jc 00007F5CB0B526F6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDD09B second address: CDD0B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jp 00007F5CB0BB9D20h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDDC8F second address: CDDC95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDDC95 second address: CDDCC6 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5CB0BB9D18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c js 00007F5CB0BB9D18h 0x00000012 pop ecx 0x00000013 xchg eax, ebx 0x00000014 mov esi, dword ptr [ebp+122D2AF4h] 0x0000001a nop 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e jmp 00007F5CB0BB9D1Eh 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDDCC6 second address: CDDCE1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F5CB0B526FCh 0x00000008 jo 00007F5CB0B526F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 pushad 0x00000013 jnl 00007F5CB0B526F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDDE2A second address: CDDE30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDE1D2 second address: CDE1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDF032 second address: CDF036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDF036 second address: CDF0A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F5CB0B52701h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D1B41h], ecx 0x00000015 push 00000000h 0x00000017 call 00007F5CB0B526FEh 0x0000001c xor dword ptr [ebp+122D201Ch], ecx 0x00000022 pop edi 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F5CB0B526F8h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f sbb si, 004Bh 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 jns 00007F5CB0B526F6h 0x0000004e pushad 0x0000004f popad 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDF0A5 second address: CDF0C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE150C second address: CE1510 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE1510 second address: CE1581 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov dword ptr [esp], eax 0x0000000d mov di, D142h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F5CB0BB9D18h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007F5CB0BB9D18h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 movzx edi, bx 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jno 00007F5CB0BB9D1Ch 0x00000055 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE2AB3 second address: CE2AF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B526FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov esi, ebx 0x0000000c push 00000000h 0x0000000e mov dword ptr [ebp+122DB6D0h], ebx 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 adc edi, 6664CA8Bh 0x0000001d pop edi 0x0000001e xchg eax, ebx 0x0000001f push edx 0x00000020 jo 00007F5CB0B526FCh 0x00000026 jnp 00007F5CB0B526F6h 0x0000002c pop edx 0x0000002d push eax 0x0000002e pushad 0x0000002f push ebx 0x00000030 push esi 0x00000031 pop esi 0x00000032 pop ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 pop eax 0x00000037 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE283D second address: CE2843 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE2843 second address: CE2849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE2849 second address: CE284D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE34B7 second address: CE3547 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F5CB0B526F8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 jmp 00007F5CB0B526FFh 0x00000027 push 00000000h 0x00000029 jns 00007F5CB0B526FCh 0x0000002f mov dword ptr [ebp+122D1CF8h], edx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F5CB0B526F8h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000018h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 mov esi, dword ptr [ebp+122D35D5h] 0x00000057 push eax 0x00000058 pushad 0x00000059 pushad 0x0000005a pushad 0x0000005b popad 0x0000005c pushad 0x0000005d popad 0x0000005e popad 0x0000005f push eax 0x00000060 push edx 0x00000061 jmp 00007F5CB0B52707h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE5323 second address: CE534F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pushad 0x0000000b pushad 0x0000000c jng 00007F5CB0BB9D16h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F5CB0BB9D26h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE534F second address: CE5379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5CB0B52708h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F5CB0B526FBh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE5379 second address: CE537D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE672D second address: CE6747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0B52706h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE3DE8 second address: CE3DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D1Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE6747 second address: CE674B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE674B second address: CE6759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE88C0 second address: CE88C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE7AA1 second address: CE7AA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE88C5 second address: CE88CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE88CA second address: CE88D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE88D0 second address: CE88E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F5CB0B526F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE88E2 second address: CE88E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE99D2 second address: CE99F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F5CB0B52703h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007F5CB0B526F6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE99F8 second address: CE99FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE8B59 second address: CE8B68 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE8B68 second address: CE8B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE8B6C second address: CE8B72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEA9EE second address: CEAA5D instructions: 0x00000000 rdtsc 0x00000002 je 00007F5CB0BB9D1Ch 0x00000008 jnc 00007F5CB0BB9D16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F5CB0BB9D28h 0x00000016 nop 0x00000017 movzx ebx, cx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007F5CB0BB9D18h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000017h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 push 00000000h 0x00000038 mov bx, si 0x0000003b xchg eax, esi 0x0000003c push eax 0x0000003d push edx 0x0000003e push ebx 0x0000003f jmp 00007F5CB0BB9D27h 0x00000044 pop ebx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE9BA1 second address: CE9BA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEAA5D second address: CEAA64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE9BA6 second address: CE9C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F5CB0B526F6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007F5CB0B52708h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007F5CB0B526F8h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 clc 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c sub bx, E9B2h 0x00000041 mov eax, dword ptr [ebp+122D05D9h] 0x00000047 jmp 00007F5CB0B526FDh 0x0000004c push FFFFFFFFh 0x0000004e push 00000000h 0x00000050 push ebp 0x00000051 call 00007F5CB0B526F8h 0x00000056 pop ebp 0x00000057 mov dword ptr [esp+04h], ebp 0x0000005b add dword ptr [esp+04h], 0000001Ah 0x00000063 inc ebp 0x00000064 push ebp 0x00000065 ret 0x00000066 pop ebp 0x00000067 ret 0x00000068 call 00007F5CB0B52705h 0x0000006d pop ebx 0x0000006e nop 0x0000006f jno 00007F5CB0B52704h 0x00000075 push eax 0x00000076 pushad 0x00000077 ja 00007F5CB0B52703h 0x0000007d push eax 0x0000007e push edx 0x0000007f push eax 0x00000080 push edx 0x00000081 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CE9C7C second address: CE9C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEB9CB second address: CEB9D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F5CB0B526F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEBBA1 second address: CEBBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEBC8F second address: CEBC93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEBC93 second address: CEBC97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEFA47 second address: CEFA4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEDC71 second address: CEDC75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF0A2E second address: CF0A4D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5CB0B52705h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF0A4D second address: CF0A65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5CB0BB9D23h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF0A65 second address: CF0AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D2715h], ebx 0x0000000e jmp 00007F5CB0B52701h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F5CB0B526F8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ebp 0x00000034 call 00007F5CB0B526F8h 0x00000039 pop ebp 0x0000003a mov dword ptr [esp+04h], ebp 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc ebp 0x00000047 push ebp 0x00000048 ret 0x00000049 pop ebp 0x0000004a ret 0x0000004b cmc 0x0000004c xchg eax, esi 0x0000004d jmp 00007F5CB0B526FBh 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F5CB0B52709h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEDC75 second address: CEDC7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF1A55 second address: CF1A59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CEDC7B second address: CEDC92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D23h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF1A59 second address: CF1AF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F5CB0B526FDh 0x00000011 nop 0x00000012 jno 00007F5CB0B526FBh 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F5CB0B526F8h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 movzx ebx, si 0x00000037 movzx edi, ax 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007F5CB0B526F8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 cmc 0x00000057 xor dword ptr [ebp+122D1C5Fh], edi 0x0000005d xchg eax, esi 0x0000005e pushad 0x0000005f ja 00007F5CB0B5270Fh 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF1AF4 second address: CF1B09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF2ADB second address: CF2ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF2ADF second address: CF2AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF49D3 second address: CF4A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5CB0B526F6h 0x0000000a popad 0x0000000b ja 00007F5CB0B526FCh 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 adc bx, CB47h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F5CB0B526F8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000016h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 jmp 00007F5CB0B52700h 0x0000003b push 00000000h 0x0000003d mov bx, cx 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push esi 0x00000046 pop esi 0x00000047 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF4A2F second address: CF4A35 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF1CC0 second address: CF1D52 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5CB0B526F8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F5CB0B52709h 0x00000012 nop 0x00000013 mov bl, cl 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007F5CB0B526F8h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 00000016h 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d sub edi, 2AD2A5DBh 0x00000043 mov eax, dword ptr [ebp+122D0A85h] 0x00000049 push 00000000h 0x0000004b push edx 0x0000004c call 00007F5CB0B526F8h 0x00000051 pop edx 0x00000052 mov dword ptr [esp+04h], edx 0x00000056 add dword ptr [esp+04h], 0000001Ah 0x0000005e inc edx 0x0000005f push edx 0x00000060 ret 0x00000061 pop edx 0x00000062 ret 0x00000063 mov bl, 9Ch 0x00000065 push FFFFFFFFh 0x00000067 mov dword ptr [ebp+122D17D0h], ebx 0x0000006d push eax 0x0000006e push ecx 0x0000006f push edx 0x00000070 push eax 0x00000071 push edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF3BFA second address: CF3C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007F5CB0BB9D16h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF6B60 second address: CF6B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B52703h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF3CA3 second address: CF3CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F5CB0BB9D16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF715E second address: CF7162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF7162 second address: CF7166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF7166 second address: CF716C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF2CC8 second address: CF2CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF2CCC second address: CF2CD6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF716C second address: CF717D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007F5CB0BB9D16h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF72C8 second address: CF72EF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F5CB0B526FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5CB0B52702h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF72EF second address: CF72F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CF72F5 second address: CF72FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CFC33D second address: CFC341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0091D second address: D00968 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F5CB0B526F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jp 00007F5CB0B526F6h 0x00000013 push edi 0x00000014 pop edi 0x00000015 jmp 00007F5CB0B52708h 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F5CB0B52706h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D00968 second address: D00972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5CB0BB9D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D00972 second address: D00998 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52702h 0x00000007 jmp 00007F5CB0B52700h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: C955B7 second address: C955BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CFFFCC second address: CFFFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CFFFD7 second address: CFFFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CFFFDB second address: CFFFDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D002F2 second address: D002F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D002F6 second address: D002FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D04C74 second address: D04C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D04C79 second address: D04C7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D04C7F second address: D04C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0AD23 second address: D0AD27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0A185 second address: D0A189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0A189 second address: D0A18D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0A906 second address: D0A90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0AA30 second address: D0AA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D10680 second address: D1068B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F525 second address: D0F529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F676 second address: D0F67C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F67C second address: D0F685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F685 second address: D0F68F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F5CB0BB9D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F68F second address: D0F69A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F69A second address: D0F6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F999 second address: D0F99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0F99D second address: D0F9AA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5CB0BB9D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D0FFB0 second address: D0FFBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F5CB0B526FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1010C second address: D10116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F5CB0BB9D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D10116 second address: D1011A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1011A second address: D10128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F5CB0BB9D1Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: C9DC57 second address: C9DC8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 js 00007F5CB0B52722h 0x0000000d pushad 0x0000000e jmp 00007F5CB0B52708h 0x00000013 jne 00007F5CB0B526F6h 0x00000019 jnl 00007F5CB0B526F6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1BF3E second address: D1BF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1ADA6 second address: D1ADAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1ADAA second address: D1ADB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1ADB0 second address: D1ADC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B52700h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDB8D4 second address: CDB8F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D24h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDB8F1 second address: CDB8F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDB9DA second address: CDB9E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDBF0F second address: CDBF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDBF13 second address: CDBF4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D1Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov dword ptr [esp], esi 0x0000000d cmc 0x0000000e nop 0x0000000f jns 00007F5CB0BB9D30h 0x00000015 push eax 0x00000016 pushad 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDBF4D second address: CDBF5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F5CB0B526FCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC04F second address: CDC086 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5CB0BB9D16h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F5CB0BB9D27h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e jnp 00007F5CB0BB9D16h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC086 second address: CDC0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52708h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC0AA second address: CDC0B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC0B1 second address: CDC0D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F5CB0B52703h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC331 second address: CDC33C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F5CB0BB9D16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCA2D second address: CDCA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F5CB0B526FBh 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCA46 second address: CDCA4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCA4A second address: CDCA50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCA50 second address: CDCA5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F5CB0BB9D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCB35 second address: CDCB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCB39 second address: CDCB3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCB3D second address: CDCB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F5CB0B526F8h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 adc di, CE32h 0x00000029 lea eax, dword ptr [ebp+12486669h] 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F5CB0B526F8h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 mov edi, dword ptr [ebp+122D349Dh] 0x0000004f nop 0x00000050 push ecx 0x00000051 pushad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDCB9E second address: CC50E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5CB0BB9D16h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d jns 00007F5CB0BB9D20h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F5CB0BB9D18h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e cmc 0x0000002f lea eax, dword ptr [ebp+12486625h] 0x00000035 mov dx, 3ADFh 0x00000039 push eax 0x0000003a jmp 00007F5CB0BB9D24h 0x0000003f mov dword ptr [esp], eax 0x00000042 push 00000000h 0x00000044 push edx 0x00000045 call 00007F5CB0BB9D18h 0x0000004a pop edx 0x0000004b mov dword ptr [esp+04h], edx 0x0000004f add dword ptr [esp+04h], 00000016h 0x00000057 inc edx 0x00000058 push edx 0x00000059 ret 0x0000005a pop edx 0x0000005b ret 0x0000005c pushad 0x0000005d js 00007F5CB0BB9D18h 0x00000063 pushad 0x00000064 popad 0x00000065 mov edi, 31F97887h 0x0000006a popad 0x0000006b call dword ptr [ebp+122D29B7h] 0x00000071 push ebx 0x00000072 push eax 0x00000073 push edx 0x00000074 pushad 0x00000075 popad 0x00000076 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B1DC second address: D1B1E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B1E2 second address: D1B1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B1EB second address: D1B1F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B1F1 second address: D1B1F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B60B second address: D1B63F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F5CB0B526F6h 0x0000000a ja 00007F5CB0B52726h 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 jns 00007F5CB0B526F6h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F5CB0B52704h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B788 second address: D1B78C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B78C second address: D1B7B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jo 00007F5CB0B526F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F5CB0B52709h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B904 second address: D1B917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F5CB0BB9D16h 0x0000000a popad 0x0000000b jc 00007F5CB0BB9D1Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B917 second address: D1B948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F5CB0B52709h 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F5CB0B526FCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D1B948 second address: D1B94C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D20D30 second address: D20D3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F5CB0B526F6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D20EA3 second address: D20EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 jmp 00007F5CB0BB9D28h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D20EC8 second address: D20EDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B526FDh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D211DC second address: D211F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jg 00007F5CB0BB9D16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jng 00007F5CB0BB9D1Eh 0x00000012 pushad 0x00000013 popad 0x00000014 jnl 00007F5CB0BB9D16h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D211F6 second address: D21213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52708h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D21345 second address: D2134B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2134B second address: D2134F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D214B7 second address: D214D7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5CB0BB9D16h 0x00000008 jmp 00007F5CB0BB9D1Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F5CB0BB9D16h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D214D7 second address: D214DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D214DB second address: D214E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D214E1 second address: D214FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jbe 00007F5CB0B526F6h 0x0000000d je 00007F5CB0B526F6h 0x00000013 pop esi 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 jng 00007F5CB0B526F6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D21A99 second address: D21A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D21A9D second address: D21AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D25B02 second address: D25B06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D25B06 second address: D25B0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D25C3A second address: D25C44 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D25DA9 second address: D25DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push edx 0x00000007 jp 00007F5CB0B52702h 0x0000000d jno 00007F5CB0B526F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2843E second address: D28448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D28448 second address: D28464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B52708h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D28464 second address: D28484 instructions: 0x00000000 rdtsc 0x00000002 js 00007F5CB0BB9D16h 0x00000008 jbe 00007F5CB0BB9D16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 pushad 0x00000012 ja 00007F5CB0BB9D18h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D28484 second address: D28488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D28488 second address: D2848E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2848E second address: D28498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D28498 second address: D284B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D27h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D281C4 second address: D281CE instructions: 0x00000000 rdtsc 0x00000002 ja 00007F5CB0B526F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D281CE second address: D281DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F5CB0BB9D16h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D281DC second address: D281E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2D778 second address: D2D789 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F5CB0BB9D1Ch 0x00000008 jl 00007F5CB0BB9D16h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2D789 second address: D2D7B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F5CB0B52712h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2D927 second address: D2D931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2D931 second address: D2D941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push esi 0x00000007 push ebx 0x00000008 jnl 00007F5CB0B526F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2D941 second address: D2D94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 ja 00007F5CB0BB9D22h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DAC2 second address: D2DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B52701h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DAD7 second address: D2DAEB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F5CB0BB9D18h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DC70 second address: D2DC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DC74 second address: D2DCA0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5CB0BB9D16h 0x00000008 jmp 00007F5CB0BB9D24h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5CB0BB9D1Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DCA0 second address: D2DCDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F5CB0B526F6h 0x00000009 jg 00007F5CB0B526F6h 0x0000000f jmp 00007F5CB0B526FBh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F5CB0B52703h 0x0000001c jmp 00007F5CB0B526FDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DE53 second address: D2DE57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DE57 second address: D2DE5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DFF4 second address: D2DFF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2DFF9 second address: D2E01D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F5CB0B52701h 0x0000000e push edi 0x0000000f jo 00007F5CB0B526F6h 0x00000015 push edx 0x00000016 pop edx 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC559 second address: CDC560 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC560 second address: CDC5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F5CB0B526F8h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 pushad 0x00000025 mov ecx, dword ptr [ebp+122D3601h] 0x0000002b mov edx, 75FDCB0Ah 0x00000030 popad 0x00000031 jmp 00007F5CB0B52708h 0x00000036 push 00000004h 0x00000038 clc 0x00000039 nop 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC5BE second address: CDC5C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC5C2 second address: CDC5D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52700h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC5D6 second address: CDC5F1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F5CB0BB9D1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F5CB0BB9D16h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: CDC5F1 second address: CDC604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B526FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2EC95 second address: D2EC99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2EC99 second address: D2EC9F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D2EC9F second address: D2ECA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D339B2 second address: D339C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0B526FDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D339C5 second address: D339C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3324E second address: D3325E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F5CB0B526F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3325E second address: D33262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D333D8 second address: D333E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F5CB0B526F8h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3666E second address: D36672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D36672 second address: D36676 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F330 second address: D3F335 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F335 second address: D3F33B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F33B second address: D3F341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F341 second address: D3F347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3D36B second address: D3D379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnc 00007F5CB0BB9D16h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3D4B6 second address: D3D4C0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3D4C0 second address: D3D4C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3DBA1 second address: D3DBC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B526FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d jmp 00007F5CB0B526FCh 0x00000012 pop eax 0x00000013 push edi 0x00000014 pushad 0x00000015 popad 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3DED6 second address: D3DEFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop esi 0x0000000b popad 0x0000000c ja 00007F5CB0BB9D32h 0x00000012 jnp 00007F5CB0BB9D18h 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jng 00007F5CB0BB9D16h 0x00000022 push edx 0x00000023 pop edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3E756 second address: D3E77B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jno 00007F5CB0B526F6h 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop ebx 0x00000012 jmp 00007F5CB0B526FFh 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3E77B second address: D3E785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5CB0BB9D16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3EA2E second address: D3EA66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5CB0B52708h 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F5CB0B526F6h 0x00000015 jmp 00007F5CB0B52700h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3EA66 second address: D3EA6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3ED5F second address: D3ED63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F04F second address: D3F054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D3F054 second address: D3F081 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F5CB0B526FFh 0x00000008 jmp 00007F5CB0B52702h 0x0000000d pop edi 0x0000000e jl 00007F5CB0B5270Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42457 second address: D42478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F5CB0BB9D26h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42478 second address: D424A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F5CB0B526FFh 0x0000000d jmp 00007F5CB0B52708h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42743 second address: D42765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F5CB0BB9D29h 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42765 second address: D4276B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42CE1 second address: D42D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0BB9D26h 0x00000009 jmp 00007F5CB0BB9D26h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42D11 second address: D42D17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42D17 second address: D42D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b jmp 00007F5CB0BB9D1Ah 0x00000010 jmp 00007F5CB0BB9D1Ah 0x00000015 pop ebx 0x00000016 jmp 00007F5CB0BB9D1Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42D41 second address: D42D46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42D46 second address: D42D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D21h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42ECD second address: D42ED3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42ED3 second address: D42EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007F5CB0BB9D16h 0x0000000d jnc 00007F5CB0BB9D16h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D42EE9 second address: D42EEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D43041 second address: D43045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D43045 second address: D43053 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F5CB0B526FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D43053 second address: D43057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D47F2B second address: D47F2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D47F2F second address: D47F37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50935 second address: D50955 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b jc 00007F5CB0B5274Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F5CB0B526FBh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50955 second address: D50988 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D27h 0x00000007 jmp 00007F5CB0BB9D25h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50A9F second address: D50AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50AA4 second address: D50AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50AAA second address: D50AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50AAE second address: D50AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D50AB4 second address: D50AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F5CB0B526FCh 0x00000012 pop edi 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D575AE second address: D575E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0BB9D1Eh 0x00000007 jmp 00007F5CB0BB9D23h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F5CB0BB9D1Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D575E2 second address: D575E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D575E7 second address: D57608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0BB9D26h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D57608 second address: D5760C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D5726C second address: D5729B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5CB0BB9D22h 0x0000000c jmp 00007F5CB0BB9D26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D5729B second address: D572B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52701h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D572B0 second address: D572CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F5CB0BB9D29h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D5B279 second address: D5B27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D5B27D second address: D5B281 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D675AE second address: D675C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F5CB0B52702h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D675C6 second address: D675E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F5CB0BB9D22h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D67152 second address: D67158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D67158 second address: D67163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D67163 second address: D6716D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F5CB0B526F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D6B7D5 second address: D6B7DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D6B7DB second address: D6B7DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D6B7DF second address: D6B824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5CB0BB9D16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d js 00007F5CB0BB9D16h 0x00000013 push eax 0x00000014 pop eax 0x00000015 jmp 00007F5CB0BB9D24h 0x0000001a popad 0x0000001b pushad 0x0000001c jbe 00007F5CB0BB9D16h 0x00000022 jo 00007F5CB0BB9D16h 0x00000028 pushad 0x00000029 popad 0x0000002a popad 0x0000002b popad 0x0000002c pushad 0x0000002d push ebx 0x0000002e ja 00007F5CB0BB9D16h 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D6B824 second address: D6B834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jnp 00007F5CB0B526F6h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D7B7E3 second address: D7B7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D7EA55 second address: D7EA5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D7EA5A second address: D7EA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F5CB0BB9D16h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F0C second address: D83F16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F16 second address: D83F2D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F5CB0BB9D16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F5CB0BB9D16h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F2D second address: D83F3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B526FEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F3F second address: D83F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F45 second address: D83F5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F5CB0B52703h 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D83F5F second address: D83F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D840A7 second address: D840C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F5CB0B52706h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D840C3 second address: D840F5 instructions: 0x00000000 rdtsc 0x00000002 je 00007F5CB0BB9D1Ah 0x00000008 jmp 00007F5CB0BB9D1Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F5CB0BB9D49h 0x00000015 push edi 0x00000016 jmp 00007F5CB0BB9D1Bh 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop edi 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D840F5 second address: D840FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D844CD second address: D844E7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F5CB0BB9D22h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D90E48 second address: D90E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F5CB0B526F8h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D9893F second address: D98945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D98945 second address: D98966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jmp 00007F5CB0B52707h 0x0000000b pop ecx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D98966 second address: D98971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D98971 second address: D98977 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D9B09A second address: D9B09F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: D9B09F second address: D9B0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F5CB0B526F6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DAAB8C second address: DAAB90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DAAB90 second address: DAAB94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DAAB94 second address: DAAB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DAA713 second address: DAA724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b js 00007F5CB0B526F6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DAA724 second address: DAA759 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F5CB0BB9D1Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F5CB0BB9D1Ah 0x00000011 push edi 0x00000012 pop edi 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push ebx 0x00000016 pushad 0x00000017 popad 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F5CB0BB9D23h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DBECC0 second address: DBED03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B526FAh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jmp 00007F5CB0B52703h 0x00000019 pushad 0x0000001a jmp 00007F5CB0B52704h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC26EF second address: DC26F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC26F3 second address: DC26F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC27A0 second address: DC27A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC27A4 second address: DC27B2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5CB0B526F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC2964 second address: DC2969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC29FC second address: DC2A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC2C85 second address: DC2C9C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F5CB0BB9D18h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007F5CB0BB9D20h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC2C9C second address: DC2CFD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 call 00007F5CB0B52700h 0x0000000c mov dx, di 0x0000000f pop edx 0x00000010 push dword ptr [ebp+122D19B0h] 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F5CB0B526F8h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 mov dword ptr [ebp+122D1C65h], ecx 0x00000036 push 1948E445h 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F5CB0B52706h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC2CFD second address: DC2D02 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC57C1 second address: DC57DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F5CB0B52703h 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC57DE second address: DC57E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC57E3 second address: DC57FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F5CB0B52702h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC57FB second address: DC57FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC7752 second address: DC7769 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F5CB0B526FCh 0x0000000c jnc 00007F5CB0B526F6h 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC7769 second address: DC7786 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F5CB0BB9D16h 0x0000000a jmp 00007F5CB0BB9D1Fh 0x0000000f popad 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	RDTSC instruction interceptor: First address: DC7786 second address: DC77A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F5CB0B52707h 0x0000000c rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: B287FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: CD4DB4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: CD50EB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: CD3A9A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: CDB956 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Special instruction interceptor: First address: D605C1 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Code function: 0_2_00B28ABB rdtsc

0_2_00B28ABB

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe TID: 5852	Thread sleep time: -120000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe TID: 6896	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: HJVzgKyC0y.exe, HJVzgKyC0y.exe, 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: HJVzgKyC0y.exe, 00000000.00000002.1479134979.0000000001487000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.00000000014E7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: HJVzgKyC0y.exe, 00000000.00000003.1478049360.00000000014D4000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.00000000014D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: HJVzgKyC0y.exe, 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	File opened: NTICE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	File opened: SICE
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\HJVzgKyC0y.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Code function: 0_2_00B28ABB rdtsc

0_2_00B28ABB

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Code function: 0_2_00B0E110 LdrInitializeThunk,

0_2_00B0E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: HJVzgKyC0y.exe	String found in binary or memory: bashfulacid.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: curverpluch.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: tentabatte.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: shapestickyr.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: talkynicer.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: slipperyloo.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: manyrestro.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: observerfry.lat
Source: HJVzgKyC0y.exe	String found in binary or memory: wordyfindy.lat

Source: HJVzgKyC0y.exe, HJVzgKyC0y.exe, 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: iProgram Manager

Source: C:\Users\user\Desktop\HJVzgKyC0y.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
HJVzgKyC0y.exe	53%	Virustotal		Browse
HJVzgKyC0y.exe	63%	ReversingLabs	Win32.Ransomware.StealC
HJVzgKyC0y.exe	100%	Avira	TR/Crypt.XPACK.Gen
HJVzgKyC0y.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://bashfulacid.lat:443/api	100%	Avira URL Cloud	malware
https://talkynicer.lat:443/api	100%	Avira URL Cloud	malware
https://wordyfindy.lat:443/api	100%	Avira URL Cloud	malware
https://tentabatte.lat:443/api	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
wordyfindy.lat	unknown	unknown	false	high
slipperyloo.lat	unknown	unknown	false	high
curverpluch.lat	unknown	unknown	false	high
tentabatte.lat	unknown	unknown	false	high
manyrestro.lat	unknown	unknown	false	high
bashfulacid.lat	unknown	unknown	false	high
shapestickyr.lat	unknown	unknown	false	high
observerfry.lat	unknown	unknown	false	high
talkynicer.lat	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
curverpluch.lat	false	high
slipperyloo.lat	false	high
tentabatte.lat	false	high
manyrestro.lat	false	high
bashfulacid.lat	false	high
observerfry.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
wordyfindy.lat	false	high
shapestickyr.lat	false	high
talkynicer.lat	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://player.vimeo.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/subscriber_agreement/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/subscriber_agreement/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wordyfindy.lat:443/api	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.valvesoftware.com/legal.htm	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.f	HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://talkynicer.lat:443/api	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://medal.tv	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/steam_refunds/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bashfulacid.lat:443/api	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/76561199724331900p	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://observerfry.lat:443/api	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://tentabatte.lat:443/api	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://store.steampowered.com/privacy_agreement/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com:443/profiles/76561199724331900q	HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1:27060	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.steampowered.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000151D000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/account/cookiepreferences/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.000000000149B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477758978.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479395212.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000002.1479134979.00000000014A2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;	HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	HJVzgKyC0y.exe, 00000000.00000003.1477685921.0000000001532000.00000004.00000020.00020000.00000000.sdmp, HJVzgKyC0y.exe, 00000000.00000003.1477685921.000000000152B000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.55.153.106	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1580908
Start date and time:	2024-12-26 13:02:34 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	HJVzgKyC0y.exe renamed because original name is a hash value
Original Sample Name:	787c063e49255e491cf9424cdb48759c.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:03:32	API Interceptor	10x Sleep call for process: HJVzgKyC0y.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.55.153.106	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	C8QT9HkXEb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	0hRSICdcGg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	rUfr2hQGOb.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YhF4vhbnMW.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	SPFFah2O2q.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	B8NcU4mckY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	k6olCJyvIj.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	BeoHXxE7q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	ZBbOXn0a3R.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	23.55.153.106
	4KDKJjRzm8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Zun6NRK3q3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	P0SJULJxI0.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.948725258788066
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	HJVzgKyC0y.exe
File size:	1'882'112 bytes
MD5:	787c063e49255e491cf9424cdb48759c
SHA1:	29e1b23611e1a461e00589549f67ccbb9341ff57
SHA256:	1ada1e291cea479ab3c219477bb63ef332b1e7506aa0d07bf5bd7daaca40afe7
SHA512:	c4857d3a484d4e3b8cc939d030acde7da7ed70663de97251982125970e320b0183912f7f03cb616586151941cebd644a89f040b1a5f2b070c7218e1594cf57a0
SSDEEP:	49152:40p2eh//oq04fUCFtjQM0D7e/ylf9no/3/ksWLgxC:fTtweVtjQM0vlfC/PnWLu
TLSH:	3E95339EFEB7C9B7F3D4E6B4ED4A925C038254B9F11359E6900F3A72CCD24806752922
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig.............................@J...........@..........................pJ......J....@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8a4000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F5CB07B4DAAh
setbe byte ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F5CB07B6DA5h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	821cd03441d1950623eee92ce9866c7f	False	0.9995659722222222	data	7.979623614733888	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x2ac000	0x200	9782d29fef5506d4f5a38580cc49c2c2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ozaamdlu	0x301000	0x1a2000	0x1a1800	e108fd698f7d1dbed91340c0853cee75	False	0.994678026758982	DOS executable (COM)	7.952920492167746	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
mbwkhvoz	0x4a3000	0x1000	0x400	9e50ae9e7c8f59c179fab7ebe90f3981	False	0.744140625	data	5.935284975920829	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4a4000	0x3000	0x2200	5784af54f61ccf5292c4144a5a79f044	False	0.072265625	DOS executable (COM)	0.7618066018971826	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-26T13:03:32.839688+0100	2058514	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wordyfindy .lat)	1	192.168.2.8	59525	1.1.1.1	53	UDP
2024-12-26T13:03:32.981328+0100	2058502	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (slipperyloo .lat)	1	192.168.2.8	64186	1.1.1.1	53	UDP
2024-12-26T13:03:33.130067+0100	2058492	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (manyrestro .lat)	1	192.168.2.8	49770	1.1.1.1	53	UDP
2024-12-26T13:03:33.269557+0100	2058500	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shapestickyr .lat)	1	192.168.2.8	58680	1.1.1.1	53	UDP
2024-12-26T13:03:33.411346+0100	2058510	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (talkynicer .lat)	1	192.168.2.8	51175	1.1.1.1	53	UDP
2024-12-26T13:03:33.553800+0100	2058484	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (curverpluch .lat)	1	192.168.2.8	56918	1.1.1.1	53	UDP
2024-12-26T13:03:33.700219+0100	2058512	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tentabatte .lat)	1	192.168.2.8	53987	1.1.1.1	53	UDP
2024-12-26T13:03:33.841779+0100	2058480	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bashfulacid .lat)	1	192.168.2.8	63361	1.1.1.1	53	UDP
2024-12-26T13:03:35.712786+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.8	49705	23.55.153.106	443	TCP
2024-12-26T13:03:36.578662+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.8	49705	23.55.153.106	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:03:34.214031935 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:34.214096069 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:34.214160919 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:34.218393087 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:34.218413115 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:35.712605953 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:35.712785959 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:35.715241909 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:35.715250015 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:35.715507030 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:35.763991117 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:35.832519054 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:35.879337072 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578736067 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578759909 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578788996 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578804016 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578828096 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578843117 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.578871012 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.578886986 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.578910112 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.578910112 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.707140923 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.707195997 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.707211018 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.707274914 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.707305908 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.707333088 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.707334995 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.707379103 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.709687948 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.709687948 CET	49705	443	192.168.2.8	23.55.153.106
Dec 26, 2024 13:03:36.709711075 CET	443	49705	23.55.153.106	192.168.2.8
Dec 26, 2024 13:03:36.709721088 CET	443	49705	23.55.153.106	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 26, 2024 13:03:32.695591927 CET	57080	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:32.833844900 CET	53	57080	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:32.839688063 CET	59525	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:32.976771116 CET	53	59525	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:32.981328011 CET	64186	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.125715971 CET	53	64186	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.130067110 CET	49770	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.267327070 CET	53	49770	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.269556999 CET	58680	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.407351971 CET	53	58680	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.411345959 CET	51175	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.549393892 CET	53	51175	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.553800106 CET	56918	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.696335077 CET	53	56918	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.700218916 CET	53987	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.837380886 CET	53	53987	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.841778994 CET	63361	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:33.979163885 CET	53	63361	1.1.1.1	192.168.2.8
Dec 26, 2024 13:03:33.983356953 CET	49537	53	192.168.2.8	1.1.1.1
Dec 26, 2024 13:03:34.208295107 CET	53	49537	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 26, 2024 13:03:32.695591927 CET	192.168.2.8	1.1.1.1	0xca0	Standard query (0)	observerfry.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:32.839688063 CET	192.168.2.8	1.1.1.1	0x93b5	Standard query (0)	wordyfindy.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:32.981328011 CET	192.168.2.8	1.1.1.1	0x9cec	Standard query (0)	slipperyloo.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.130067110 CET	192.168.2.8	1.1.1.1	0x1e22	Standard query (0)	manyrestro.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.269556999 CET	192.168.2.8	1.1.1.1	0xa1b6	Standard query (0)	shapestickyr.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.411345959 CET	192.168.2.8	1.1.1.1	0x7735	Standard query (0)	talkynicer.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.553800106 CET	192.168.2.8	1.1.1.1	0x8c3d	Standard query (0)	curverpluch.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.700218916 CET	192.168.2.8	1.1.1.1	0x6ecf	Standard query (0)	tentabatte.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.841778994 CET	192.168.2.8	1.1.1.1	0xb74f	Standard query (0)	bashfulacid.lat	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.983356953 CET	192.168.2.8	1.1.1.1	0xd25d	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 26, 2024 13:03:32.833844900 CET	1.1.1.1	192.168.2.8	0xca0	Name error (3)	observerfry.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:32.976771116 CET	1.1.1.1	192.168.2.8	0x93b5	Name error (3)	wordyfindy.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.125715971 CET	1.1.1.1	192.168.2.8	0x9cec	Name error (3)	slipperyloo.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.267327070 CET	1.1.1.1	192.168.2.8	0x1e22	Name error (3)	manyrestro.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.407351971 CET	1.1.1.1	192.168.2.8	0xa1b6	Name error (3)	shapestickyr.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.549393892 CET	1.1.1.1	192.168.2.8	0x7735	Name error (3)	talkynicer.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.696335077 CET	1.1.1.1	192.168.2.8	0x8c3d	Name error (3)	curverpluch.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.837380886 CET	1.1.1.1	192.168.2.8	0x6ecf	Name error (3)	tentabatte.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:33.979163885 CET	1.1.1.1	192.168.2.8	0xb74f	Name error (3)	bashfulacid.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 26, 2024 13:03:34.208295107 CET	1.1.1.1	192.168.2.8	0xd25d	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	23.55.153.106	443	1868	C:\Users\user\Desktop\HJVzgKyC0y.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-26 12:03:35 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-26 12:03:36 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 26 Dec 2024 12:03:36 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=c35aebae02ee3edf0dcfc71d; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-26 12:03:36 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-26 12:03:36 UTC	10097	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-26 12:03:36 UTC	1089	IN	Data Raw: 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>

Target ID:	0
Start time:	07:03:30
Start date:	26/12/2024
Path:	C:\Users\user\Desktop\HJVzgKyC0y.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\HJVzgKyC0y.exe"
Imagebase:	0xad0000
File size:	1'882'112 bytes
MD5 hash:	787C063E49255E491CF9424CDB48759C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	33.3%
Total number of Nodes:	69
Total number of Limit Nodes:	4

Executed Functions

Function 00ADB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

k=W?, xrefs: 00ADB23F
zMzO, xrefs: 00ADB267
Ym]o, xrefs: 00ADB2B7
(Y6[, xrefs: 00ADB285
9]_, xrefs: 00ADB28F
D!M#, xrefs: 00ADB1F9
Gq\s, xrefs: 00ADB2C1
Gu@w, xrefs: 00ADB2CB
XyR{, xrefs: 00ADB2D5
pE}G, xrefs: 00ADB253
hI2K, xrefs: 00ADB25D
S%U', xrefs: 00ADB203
yQrS, xrefs: 00ADB271
b6j4, xrefs: 00ADB57D
.AtC, xrefs: 00ADB249

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: 7ea0cfb5c13d35e115cf1ac7af59ce95f5debd8e0121ca142a16ca62aea2dfdc
Instruction ID: 2f63d7b972b174d720dbd8afc231c74c1a568aab056f7229bb6264540c374dfc
Opcode Fuzzy Hash: 7ea0cfb5c13d35e115cf1ac7af59ce95f5debd8e0121ca142a16ca62aea2dfdc
Instruction Fuzzy Hash: 8D0244B1211B01CFD324CF25D891BABBBF1BB45314F518A2DD5AB8BAA0DB74A445CF90

Function 00AD8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00AD8A4A

Part of subcall function 00ADB7B0: FreeLibrary.KERNEL32(00AD8A31), ref: 00ADB7B6
Part of subcall function 00ADB7B0: FreeLibrary.KERNEL32 ref: 00ADB7D7

Strings

b]u), xrefs: 00AD8877
}, xrefs: 00AD8913
}, xrefs: 00AD890C

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: 50d3e7abd8b125d4b27bf5e03dbb12a4f890a7f787a6b3f4fb42f0d28fc97026
Instruction ID: e59be397a6d2c5cfe1a04c84401d49faf12337cbf84141f452384a58e78f1e19
Opcode Fuzzy Hash: 50d3e7abd8b125d4b27bf5e03dbb12a4f890a7f787a6b3f4fb42f0d28fc97026
Instruction Fuzzy Hash: 88C1F773E187144BC718DF69C84125AF7D6ABC8710F1EC52EA898EB3A5EA74DC048BC1

Function 00B0E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00B1148A,?,00000018,?,?,00000018,?,?,?), ref: 00B0E13E

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00B11720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 00B1176D

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 640bcae536cfee5b7fdda7f760eb40dbb49c74254705091a797e86edeaae6d87
Instruction ID: ced3ba641e13ae5ac1d3bb88dad57a6e029da40b64ef2f7f2bab39c8b18941a4
Opcode Fuzzy Hash: 640bcae536cfee5b7fdda7f760eb40dbb49c74254705091a797e86edeaae6d87
Instruction Fuzzy Hash: 703137746053049BE7149A189C91BBBB7D6EB84750F58C96CE784572E0DB30EC808792

Function 00AD9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00AD9D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00AD9E78

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f84f473c94a8d2bea21b09a5077578d5194a43540e12127ee5c04f80e0d27862
Instruction ID: 6c6131a96004ba9b83173c99901bb59f88a32a44b405ca4a8c664f35e8965f6b
Opcode Fuzzy Hash: f84f473c94a8d2bea21b09a5077578d5194a43540e12127ee5c04f80e0d27862
Instruction Fuzzy Hash: 34411274D003009FE7149F7899D2A9A7FB1EB06324F50429DD4912F3E6C635940ACBE2

Function 00B0E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 00B0E0E0

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: ca036de6c2ee3d10756c9f8aa35bd7814e73e451cd9fcf3c2a8c114622289473
Instruction ID: 82c60332e4f36e87f62ce22645815f40d308c0cc1f95d1e6a5562ee9757c6f57
Opcode Fuzzy Hash: ca036de6c2ee3d10756c9f8aa35bd7814e73e451cd9fcf3c2a8c114622289473
Instruction Fuzzy Hash: 15F0A032918252FBD2102F28BD06A973EE4EFC3760F0548B4F4009B1A0EF34E8168592

Function 00AD9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00AD9ED2

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: efdbe813a6f2140def9a77b1959b1129e8b72da81afdc92a014663bb0d8ab3ca
Instruction ID: 87637a54f5cc6f9f022cc38338930425fb3712d3921d49867899e682206204b3
Opcode Fuzzy Hash: efdbe813a6f2140def9a77b1959b1129e8b72da81afdc92a014663bb0d8ab3ca
Instruction Fuzzy Hash: 57E02B33641602DBD700DB70FC47ED93356DB55341705C438E116C3072EE72E5109A50

Function 00B0C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00B0E0F9), ref: 00B0C590

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f5063161d4f5a7c047f96940b69bd1dd9ff95f6c61148a50ed63195e002e2dc0
Instruction ID: ca142433218130928f4816317ec869c29a48c8901014318345b21105a5cadced
Opcode Fuzzy Hash: f5063161d4f5a7c047f96940b69bd1dd9ff95f6c61148a50ed63195e002e2dc0
Instruction Fuzzy Hash: C3D01232519132FBC6212F28BC15BD73B94DF49760F074891F444AB4B4CB24EC91DAD1

Function 00B0C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00B0C561

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8ffc7de63bdf64b0be62ceec3731c98110a3553aa25a4f712da7799c8366e345
Instruction ID: b13e6be65d6fac12e0601d4c6fd4cc7c1087c1a13519ce0d0b9ecc87ea7e55a1
Opcode Fuzzy Hash: 8ffc7de63bdf64b0be62ceec3731c98110a3553aa25a4f712da7799c8366e345
Instruction Fuzzy Hash: E7A00172184110AADA662B24BC09B847A22AB58621F124291E1019A0B68A7198929A84

Function 00B291B7 Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00B2987E

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e4b2f9a5a8587a16d61f732858aa34e7d001c9669854425bb7ff215fcb695123
Instruction ID: 44bebc9e9e328bf1335a2bcf383a28cd02d4a4cd0ab0ecf28a018f1bde241b43
Opcode Fuzzy Hash: e4b2f9a5a8587a16d61f732858aa34e7d001c9669854425bb7ff215fcb695123
Instruction Fuzzy Hash: 30E092B150C704EFD7082F14A84167DBBF5EF40710F12080DE8CDC6244D2700890CB1B

Function 00B294A2 Relevance: 1.3, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00B29D48

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cadfc37aee55939b2726ed01ea583e97cdabb44745adfc49a0149e691aecc755
Instruction ID: 23e552ad2a08cd18731005464d56cc1aca9a5098284e0ba14b99e4a6acf25718
Opcode Fuzzy Hash: cadfc37aee55939b2726ed01ea583e97cdabb44745adfc49a0149e691aecc755
Instruction Fuzzy Hash: 23E01AB110C629CBD7086F34B1883BD3AF0FF05322F10066DE99EC5A84D6710C90DA46

Non-executed Functions

Function 00AF42D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AF43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AF443E

Strings

%r?p, xrefs: 00AF595F
|r, xrefs: 00AF53A8
+$e, xrefs: 00AF437A, 00AF4365
DD, xrefs: 00AF5CEE
=:, xrefs: 00AF57CE
b`, xrefs: 00AF55F9
gd, xrefs: 00AF5E60
ut, xrefs: 00AF5CE3
+$e, xrefs: 00AF43FA, 00AF442B
n l, xrefs: 00AF596A
tj, xrefs: 00AF53BE
y{, xrefs: 00AF5B36
r:i8, xrefs: 00AF5899
<j:h, xrefs: 00AF5975
13, xrefs: 00AF5BFC
e>n<, xrefs: 00AF588E
uw, xrefs: 00AF5B57
N~4|, xrefs: 00AF593E
Xs, xrefs: 00AF5CD8
=?, xrefs: 00AF5BF1

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: 4d0bfc98eda437d9d406866c1ce34fc4bd46ff21eac136f78dfc3ecf10c982fb
Instruction ID: 2e041936bdaa7c8698d33475befe824be5dc2183008df8adf7a358f1f9eb540c
Opcode Fuzzy Hash: 4d0bfc98eda437d9d406866c1ce34fc4bd46ff21eac136f78dfc3ecf10c982fb
Instruction Fuzzy Hash: C8C20DB560D3848AD334CF54C4527DFBAF2FB82300F00892DD5E96B255DBB5864A8B9B

Function 00B09280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 00B098DF
SysFreeString.OLEAUT32(?), ref: 00B098E5

Strings

gd, xrefs: 00B0968E
=hn, xrefs: 00B09676
:;$%, xrefs: 00B099C0
t"j, xrefs: 00B0966E
b{tu, xrefs: 00B092D9, 00B0939B
O^, xrefs: 00B097A6
SB, xrefs: 00B0979E
Jtuj, xrefs: 00B092E5

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: FreeString
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 3341692771-1335595022
Opcode ID: 67ea87b0ec01af0c153d8aca81e32dad3babf6759afe5d9ea58ecfee73169140
Instruction ID: e5896dc632caa356a6f9cb3919690363a27f2e592174820d9b50ec89f7df1a25
Opcode Fuzzy Hash: 67ea87b0ec01af0c153d8aca81e32dad3babf6759afe5d9ea58ecfee73169140
Instruction Fuzzy Hash: 03221376A083419BE710CF24C880B5BBBE2EFC5354F18CA6CE5D49B3A2D675D845CB82

Function 00AE60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

ntxE, xrefs: 00AE6112
t~v:, xrefs: 00AE61E7
L4, xrefs: 00AE6780
JyTK, xrefs: 00AE6160
~mfQ, xrefs: 00AE613E
*,-", xrefs: 00AE66EF
qRb`, xrefs: 00AE6133
pt}w, xrefs: 00AE61F2
w}MI, xrefs: 00AE6128
L4, xrefs: 00AE6BA0
3F&D, xrefs: 00AE6273
uqrs, xrefs: 00AE6AF0
{zdy, xrefs: 00AE611D

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: acf925f6f5bb189b49ed2c4089051b432ef37eec5cf90dc89f2a33a72c9b7b77
Instruction ID: 1dbb7aeef4cd901e0e2221b319adac6c47bcbf8ae6f7aea4c5ada6ddb560c68f
Opcode Fuzzy Hash: acf925f6f5bb189b49ed2c4089051b432ef37eec5cf90dc89f2a33a72c9b7b77
Instruction Fuzzy Hash: 934224B26083918FC7248F29D8917AFB7E2FBE5340F19893DD4D98B256DB349805CB42

Function 00AE1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON

Download Yara Rule

Strings

[, xrefs: 00AE1555
L, xrefs: 00AE1846
>, xrefs: 00AE16FF
`, xrefs: 00AE13A4
), xrefs: 00AE1A4D
+, xrefs: 00AE17CB
@, xrefs: 00AE17D0
F, xrefs: 00AE184E

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: 6427b09f652bc1a23518460654b3dcb3daa33a7fc56efa3666541920e64667df
Instruction ID: 66a4d6e923e2d3d8e2a8516e0f9c2c52ec0d9a8ca043053b8407f97de907d0ea
Opcode Fuzzy Hash: 6427b09f652bc1a23518460654b3dcb3daa33a7fc56efa3666541920e64667df
Instruction Fuzzy Hash: FD52807260C7D08BC324DB39C5957AEBBE1ABD9320F194A2EE4DAC7381D6748941CB43

Function 00AE747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00AE75C5

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: f9166ac94ad0262cce41d4b553979e3f74d6b5bccdb78e01982cd544bea76688
Instruction ID: 251f2e8c6a0df4a5e64eddf34f7ce57679006e2e3519ea6e62d4cd46334557ce
Opcode Fuzzy Hash: f9166ac94ad0262cce41d4b553979e3f74d6b5bccdb78e01982cd544bea76688
Instruction Fuzzy Hash: EE8236715083918BC724CF29C8917AFB7E1FFC9314F198A6CE8D59B2A5EB348805CB52

Function 00C99110 Relevance: 7.8, Strings: 5, Instructions: 1560COMMON

Download Yara Rule

Strings

[[*, xrefs: 00C9A003
|=, xrefs: 00C993BB
g7k, xrefs: 00C99258
Gv/g, xrefs: 00C99DBA
@{K, xrefs: 00C993AC

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: @{K$Gv/g$g7k$[[*$|=
API String ID: 0-2039726497
Opcode ID: 2e4fc65420040943e6959224f54882f5e53d29a21c8611a83d3d3a10e79f8556
Instruction ID: 8200ad2ac35f453dd364a14ef6b40650a1bd9a10a792fed8486ab29b26321af8
Opcode Fuzzy Hash: 2e4fc65420040943e6959224f54882f5e53d29a21c8611a83d3d3a10e79f8556
Instruction Fuzzy Hash: 7BB2E4F390C2049FE7047E29EC8577ABBE9EF94320F1A493DEAC487344E63598158697

Function 00AF81CC Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 593COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AF84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AF85B4

Strings

LF7Y, xrefs: 00AF8951
_^]\, xrefs: 00AF8A15

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 9184f2fea639b45b959948d05025ccf348e10b9807d45d847250ff4b1a77486f
Instruction ID: 180fbdefa1de3b6310945e0c298aa21b00918640a8f54caa5915f07571937d70
Opcode Fuzzy Hash: 9184f2fea639b45b959948d05025ccf348e10b9807d45d847250ff4b1a77486f
Instruction Fuzzy Hash: A022F071948341CFD7248F28D88076FBBE1EF89310F598A6CFA99573A1DB359901CB52

Function 00AF83D8 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 542COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AF84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AF85B4

Strings

LF7Y, xrefs: 00AF8951
_^]\, xrefs: 00AF8A15

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: a539635d5de61354b0495b07779153f9d15c5217d23b1e3c6c4b72c6e0ef2f1c
Instruction ID: b0d0572e4790443db278790df11cff79581566aad3f8525f7cb040ecddcfed17
Opcode Fuzzy Hash: a539635d5de61354b0495b07779153f9d15c5217d23b1e3c6c4b72c6e0ef2f1c
Instruction Fuzzy Hash: 5112FF71948341CFD7248F28D88076FBBE1FF89310F598A6CEA99573A1DB359A01CB52

Function 00AF24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

.[TU, xrefs: 00AF2538
"_,Y, xrefs: 00AF2530
=K0E, xrefs: 00AF2544
;GsA, xrefs: 00AF2520
pCj], xrefs: 00AF2528

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: 48021b429e8588257a8578fc9ff62a675c62d0d60ec44f2decac970130aaaa97
Instruction ID: 2622eaf4b1ecc93d14fb0fc7fcb579c703404fc00519b1579ad282ec4e4647e1
Opcode Fuzzy Hash: 48021b429e8588257a8578fc9ff62a675c62d0d60ec44f2decac970130aaaa97
Instruction Fuzzy Hash: A39112B16083049BC724DFA4C891B7BB7F5EF95754F18842CFA8A8B292E374E905C752

Function 00AE8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

SP, xrefs: 00AE8396
2h?n, xrefs: 00AE83A0
gfff, xrefs: 00AE8458
7, xrefs: 00AE8419
^`/4, xrefs: 00AE81E1

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: 8b56a0a3b611c2d6e6638e24706b003ff3a342e91d918602ba697c84870f7a79
Instruction ID: a4fe781617c7b4be596d0505fedfe2f1976eff2fdd1083ed404a2c0c4977f582
Opcode Fuzzy Hash: 8b56a0a3b611c2d6e6638e24706b003ff3a342e91d918602ba697c84870f7a79
Instruction Fuzzy Hash: 1BA12572A143518BD314CF29D8517AFB7E2FBC4314F59CA2DE889DB391EA3899028781

Function 00AF91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00AF91DA

Strings

+Ku, xrefs: 00AF92AF
wpq, xrefs: 00AF92B7

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: d609b267374e72ba84d1f3a37c9ae4ee810cf0811a376dd85fff18fcee4649dd
Instruction ID: d62310f0f3a919e1d31a80d1ab811fa2de044fe122e155065de3457002606d85
Opcode Fuzzy Hash: d609b267374e72ba84d1f3a37c9ae4ee810cf0811a376dd85fff18fcee4649dd
Instruction Fuzzy Hash: 0451BD7220C3158FC324CF69984076FB6F6EBC5310F55892EE59ACB285DB30D50A8B92

Function 00AF90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00AF9170

Strings

M/(, xrefs: 00AF919E
M/(, xrefs: 00AF913D

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: deadbe633eefe82bb28250900f8c4dcef0b5a9077867a2199f377a0eb94c4f45
Instruction ID: 9d3b7c46eab932a15b3cc20f7cb5d93e991d18ac408f9a293683b60d88b1659d
Opcode Fuzzy Hash: deadbe633eefe82bb28250900f8c4dcef0b5a9077867a2199f377a0eb94c4f45
Instruction Fuzzy Hash: F421237165C3515FE714CE34988179FF7AAEBC2700F01892CE0D1EB1C5D675980B8756

Function 00CA008D Relevance: 4.9, Strings: 3, Instructions: 1190COMMON

Download Yara Rule

Strings

s~0, xrefs: 00CA09F8
t ?6, xrefs: 00CA0561
AfOX, xrefs: 00CA0B23

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: AfOX$s~0$t ?6
API String ID: 0-2108244636
Opcode ID: d2dec260a762f7c3bc186af2b676aff739b3953315023a472a9cfd04fb22a688
Instruction ID: 770fb897e6a88e48b6cfcf583dcf3d95c382259baae2645593d2b83a4a0b60e7
Opcode Fuzzy Hash: d2dec260a762f7c3bc186af2b676aff739b3953315023a472a9cfd04fb22a688
Instruction Fuzzy Hash: ED82F4F360C2049FE3046E29EC8567AFBE9EFD4320F16893DE6C4C7744EA3598458696

Function 00AFA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

<\hX, xrefs: 00AFA236
_^]\, xrefs: 00AFA49C, 00AFA188
.txt, xrefs: 00AFA371

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 2ec22d66cfb577f151aad14fe53df16daa71c58d5213cee56f8f491bcba5ddde
Instruction ID: 3063fd16cee3c4ac11b7503f0aeddfe4422cc8d8d6c591e65fa2afb2ad8b7878
Opcode Fuzzy Hash: 2ec22d66cfb577f151aad14fe53df16daa71c58d5213cee56f8f491bcba5ddde
Instruction Fuzzy Hash: D0C130B060C344DFD708DF28D8416BABBF2EF95310F488AACF199472A2DB359945CB52

Function 00AED003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

bh, xrefs: 00AED4D6
[V, xrefs: 00AED4DD

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: ab276775561598974e2e63309864901e88965079af7edd0caabf186d1a228cfa
Instruction ID: 918fd55109a1dd294a1e740d68199b11e694656e732c9e856e95fdd0e0a1218e
Opcode Fuzzy Hash: ab276775561598974e2e63309864901e88965079af7edd0caabf186d1a228cfa
Instruction Fuzzy Hash: 693237B1911712CBCB24CF29C8916BBB7B1FF95310F18825DD8969F394E734A941CB91

Function 00B5B3B1 Relevance: 3.0, Strings: 2, Instructions: 496COMMON

Download Yara Rule

Strings

`e, xrefs: 00B5B952
S[_, xrefs: 00B5B8A0

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: S[_$`e
API String ID: 0-160615473
Opcode ID: 78f7637b6d099289a425e6c201d2b897518bb84c2c18caeee2901abee7eeeccc
Instruction ID: 4953c67a22a1b02bcec5654e5f1b976fe625c1233b1570b1ac18a3eb4cf1246b
Opcode Fuzzy Hash: 78f7637b6d099289a425e6c201d2b897518bb84c2c18caeee2901abee7eeeccc
Instruction Fuzzy Hash: C2F1ACF3E142204BF3544D29DC98366B692ABA4321F2F827C9E9CA77C5E97E5C0943C5

Function 00C16098 Relevance: 3.0, Strings: 2, Instructions: 460COMMON

Download Yara Rule

Strings

}, xrefs: 00C166AC
xKvk, xrefs: 00C1655C

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: xKvk$}
API String ID: 0-2956352208
Opcode ID: f5d5454f75a479de4b7ef1d85bf790ed7f295dd77dd65168dab726fbce8f2ff9
Instruction ID: e1746d80f73b9b0e9bd266836c6a1c80a6f259d272ebd7b0cea9dc53ca69c806
Opcode Fuzzy Hash: f5d5454f75a479de4b7ef1d85bf790ed7f295dd77dd65168dab726fbce8f2ff9
Instruction Fuzzy Hash: F5E1F3F3F216204BF3404969DD993A67692EB94324F2F853D9F88A73C5D87E9C094384

Function 00B58385 Relevance: 3.0, Strings: 2, Instructions: 457COMMON

Download Yara Rule

Strings

##v, xrefs: 00B588EA
:I@l, xrefs: 00B58934

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: ##v$:I@l
API String ID: 0-3337809756
Opcode ID: 30ccdd0dfa74db3e84b735b6fe9e8ce1e6c229f84242d668d0ad9492411f1520
Instruction ID: a3f77937396c45c988eadc92ca07178daf960561d84bcaf4e6b716e766dc10c6
Opcode Fuzzy Hash: 30ccdd0dfa74db3e84b735b6fe9e8ce1e6c229f84242d668d0ad9492411f1520
Instruction Fuzzy Hash: 9BE1DDF3F116204BF3584938DD9836A6693DBD4320F2B823D9A9D67BC4EC7E5C0A4285

Function 00AD4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

), xrefs: 00AD42EB
IEND, xrefs: 00AD4661

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 7a619555fb7bb3dfd68cc119b7703e82a11adb770dfafa459cd8b2ac6c09d843
Instruction ID: 8f3ff2161bc9f4ad616a1a2b53ccbb326d0d49dd0aa346206cc670069dec3f5e
Opcode Fuzzy Hash: 7a619555fb7bb3dfd68cc119b7703e82a11adb770dfafa459cd8b2ac6c09d843
Instruction Fuzzy Hash: 20D190B15083449FD720CF18D845B9EBBE4EF99304F14492EF99A9B381D775E908CB92

Function 00C1F253 Relevance: 2.7, Strings: 2, Instructions: 232COMMON

Download Yara Rule

Strings

q+5, xrefs: 00C1F366
^`~k, xrefs: 00C1F348

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: ^`~k$q+5
API String ID: 0-789825151
Opcode ID: 8f2456836cd209bd17680eff1013641aa3ecfff348dd14cce1c9272840fe5a94
Instruction ID: e1762d6818f77f535a8e91360bbcafc1078c013d19828f2552c596ab0edbd134
Opcode Fuzzy Hash: 8f2456836cd209bd17680eff1013641aa3ecfff348dd14cce1c9272840fe5a94
Instruction Fuzzy Hash: 777147F3A082009BE314AE2CEC9577AB7D5EBD8320F1B453DEAC5D3744EA7958018696

Function 00BF914C Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

BV5, xrefs: 00BF980B

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: BV5
API String ID: 0-63425594
Opcode ID: f9d32bed5b2b24761f18c42ea388f125dce0ca831887ec3a382abf31c4a0a6b5
Instruction ID: d50f615c13f8be6e9c39d5550db1d2ea8377a61bf232967e250fe5de66b419b5
Opcode Fuzzy Hash: f9d32bed5b2b24761f18c42ea388f125dce0ca831887ec3a382abf31c4a0a6b5
Instruction Fuzzy Hash: 4202C0F3F116244BF3444939DD883A67693EBD0324F2F86389A88977C9DD7E9D0A5284

Function 00B9A041 Relevance: 1.8, Strings: 1, Instructions: 536COMMON

Download Yara Rule

Strings

rJm^, xrefs: 00B9A6EF

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: rJm^
API String ID: 0-3254769156
Opcode ID: e383bad795d75d3a1f8202c4a5814161c0889a15607acb3202213822894bb9e9
Instruction ID: fe8396185cbf867c3fb38a599f25073689e0cbb4764c688e9d0e4984deb343c4
Opcode Fuzzy Hash: e383bad795d75d3a1f8202c4a5814161c0889a15607acb3202213822894bb9e9
Instruction Fuzzy Hash: 4F0200F3E152154BF3041E29DD58366BB92EBD4320F2B863D9B88977C4D97E9C058384

Function 00B4E3C4 Relevance: 1.8, Strings: 1, Instructions: 523COMMON

Download Yara Rule

Strings

5~{, xrefs: 00B4E9D3

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: 5~{
API String ID: 0-1966471441
Opcode ID: 7691b1b8ce31329caaa88b7bad255853b61713baeda5e4eea04fcc3df2c83e2e
Instruction ID: c53b257a49aae47ac485225b0948192d90679f29ecc3c86984ecdef3b170a27a
Opcode Fuzzy Hash: 7691b1b8ce31329caaa88b7bad255853b61713baeda5e4eea04fcc3df2c83e2e
Instruction Fuzzy Hash: AA02EFF3F146208BF3445E28DC98366B692EB94320F2B863DDB89977C5D97E5C098385

Function 00AFD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 00AFD2A4

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b23ae812eb969aae8d9f05675a01e86cbffb61fd55a608c4b41ed6ac7be943ad
Instruction ID: b94d53654addf654a751d06f92b30e30f249bac34c27c237ab17db35189b5d99
Opcode Fuzzy Hash: b23ae812eb969aae8d9f05675a01e86cbffb61fd55a608c4b41ed6ac7be943ad
Instruction Fuzzy Hash: AB41A2706043829BE3258B74C9A0BB2BFE1EF57314F28868CE5D64B393D635E8469791

Function 00AFD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 00AFD353

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: baa7f1e3164c6d91c581fdb79b4a9f43168966673d233f16e1ad4a27c29960f7
Instruction ID: 598997bcf2288c18a013d25ac66c688eb3c7935790c580d95150e02b45b217fa
Opcode Fuzzy Hash: baa7f1e3164c6d91c581fdb79b4a9f43168966673d233f16e1ad4a27c29960f7
Instruction Fuzzy Hash: FBC1C1756047428FD725CF2AC490762FBE2BF9A310F28869DD5DA8B792C735E806CB50

Function 00AFB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 00AFB458

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: 223ba21b23035733d71fb8dc2c533c848a779d9e0ff3ba442d8288e7693ceb7d
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: 22C1F8B2A183195BD7258FA4C45077BB7F5AF84310F198A2DF69A8B382E734DC4487A1

Function 00BDA5AB Relevance: 1.6, Strings: 1, Instructions: 391COMMON

Download Yara Rule

Strings

!&u, xrefs: 00BDA997

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: !&u
API String ID: 0-44634257
Opcode ID: d423bce100d1675679c4057febb8b53f86641e6bb2135a653aa50ae1906d39a5
Instruction ID: cd5e69b76a018b8e0f5fac44b10404973908381c0899efe6725d00b9bb032326
Opcode Fuzzy Hash: d423bce100d1675679c4057febb8b53f86641e6bb2135a653aa50ae1906d39a5
Instruction Fuzzy Hash: E8C1FEF3E142254BF3044A29DC993A6B692DB94320F2F463D9F89AB3C5E97E5C0583C4

Function 00C1D00E Relevance: 1.6, Strings: 1, Instructions: 354COMMON

Download Yara Rule

Strings

H, xrefs: 00C1D266

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 13a8bdf7a3151ccd991d4f8fd8d92d77d6b60112a973f76c8722578b3759e36d
Instruction ID: c4798dfd97ab3d939dc702308096f2ca801bfa6524ee16a0777f4d2857fd6e7d
Opcode Fuzzy Hash: 13a8bdf7a3151ccd991d4f8fd8d92d77d6b60112a973f76c8722578b3759e36d
Instruction Fuzzy Hash: 20C123F7F115250BF3984839CD683A6658397E4324F2F82788E9DAB7C9DC7E5C0A5284

Function 00BA10E2 Relevance: 1.6, Strings: 1, Instructions: 348COMMON

Download Yara Rule

Strings

\, xrefs: 00BA11D7

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 7956d33963229199bd3d1fbb8e7355a4bf55d3a69f38c11d01d2d7ef8e370bc4
Instruction ID: 8151635a91dba894877bdc843b3ebc178cacc19c8612e878b08c6135284636f2
Opcode Fuzzy Hash: 7956d33963229199bd3d1fbb8e7355a4bf55d3a69f38c11d01d2d7ef8e370bc4
Instruction Fuzzy Hash: 68C159F7F1152547F3544829CC583A2668397E5325F2F82788F5DAB7C5EC7E9C0A1284

Function 00B46357 Relevance: 1.5, Strings: 1, Instructions: 299COMMON

Download Yara Rule

Strings

a, xrefs: 00B464F8

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 4b3cd8352a6ac71d8ff2c103044b754c0029ca0e91865d3a90910460c46ca0bb
Instruction ID: a4afafefaf2836497bd91769e21247aadddd098f9e7b74291e8ab33be62acaaf
Opcode Fuzzy Hash: 4b3cd8352a6ac71d8ff2c103044b754c0029ca0e91865d3a90910460c46ca0bb
Instruction Fuzzy Hash: 36A1ADB7F1222547F3544D29CC583A26683ABD4325F2F82788E9C6B7C9DC7E6C4A5384

Function 00AF7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00AF7465

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 1ed751d20c406455778b7acd3095e513faae59af8896c513bef68fc78e98b07e
Instruction ID: e04aa871b47a5c12e5dc5b1f0abd58038ae62e3a0bd92601089b06fee7704b52
Opcode Fuzzy Hash: 1ed751d20c406455778b7acd3095e513faae59af8896c513bef68fc78e98b07e
Instruction Fuzzy Hash: 5D7126B1A083045BD7289BA8DC92B7F76E1DF85318F18852CF68697292E274DC058752

Function 00BA4305 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

x, xrefs: 00BA43CC

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: x
API String ID: 0-2363233923
Opcode ID: 9e2075b111556f68693f50c6dbcdfdf99a9809b3f69376d9ffb533df2023d607
Instruction ID: 8f1eb734e935a129d76a7b68ca0f3359349433d9861c094644b697a723aab845
Opcode Fuzzy Hash: 9e2075b111556f68693f50c6dbcdfdf99a9809b3f69376d9ffb533df2023d607
Instruction Fuzzy Hash: 599177F7F111244BF3544928CC683A27693EBD5314F2F81788B896B7C9D97EAD0A5388

Function 00BA9289 Relevance: 1.5, Strings: 1, Instructions: 239COMMON

Download Yara Rule

Strings

#, xrefs: 00BA9412

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 6603242d97c93b548151173444c001ffa5800a9cb239b4416773bb679d2ea753
Instruction ID: b411c2137cc3403a05666567d73a18ce8f7d40d98f969ab183fc918d13070bb5
Opcode Fuzzy Hash: 6603242d97c93b548151173444c001ffa5800a9cb239b4416773bb679d2ea753
Instruction Fuzzy Hash: 1A818EB3F112254BF3544D29CC593A27283EBD5310F2F81788A8CAB7C4D97EAD4A5384

Function 00ADD021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00ADD455

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 83b0425418286dac03fddad1f6846a0c2aa515e75b5f71228554cde69729d7ed
Instruction ID: b5740a17ffad7362d8f34625db9819b6e912866a24ac3e0562c411cf963ad43d
Opcode Fuzzy Hash: 83b0425418286dac03fddad1f6846a0c2aa515e75b5f71228554cde69729d7ed
Instruction Fuzzy Hash: 6F5112743813008FC7248F28D8D0AB6BBE1EB99714B98C86ED5979B766C771F842CB51

Function 00AFC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 00AFC173

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: f48b58b42ac766c56c427c11e56b66cbd4ec199365a2e0f955ccb3dff09085cc
Instruction ID: 755617b51dde09bf0b00fe4b82173d815d777c7c691528c5cdbfcea58999a47b
Opcode Fuzzy Hash: f48b58b42ac766c56c427c11e56b66cbd4ec199365a2e0f955ccb3dff09085cc
Instruction Fuzzy Hash: B0511821604B804BD729CB3A89613B7BBD3AFDB320B5C969DD4D7C7686CA3CE4068714

Function 00BBC030 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

>U2#, xrefs: 00BBC030

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: >U2#
API String ID: 0-349215190
Opcode ID: 338122133416692aec9af9637c77cd0e9b7c459c496dec347638186664545540
Instruction ID: 05cdba3c7ce2a4d02a37a02f0419fc409c7b897bc8aaedfc5890141d9450c3ce
Opcode Fuzzy Hash: 338122133416692aec9af9637c77cd0e9b7c459c496dec347638186664545540
Instruction Fuzzy Hash: 3F7159B3F1112547F3544D28CD98362B693AB95320F2F42798E4D6B7C4D97EAD0A53C4

Function 00AFC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 00AFC173

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 44cb347318f8af0d08c75f7bfaa8ec1c4d27597ae5686d9880c14c20f23f0a7b
Instruction ID: ce768bd24e30889273b6482f8db1d29237c9880dbf28ab75b44dabfa4f5e3bd7
Opcode Fuzzy Hash: 44cb347318f8af0d08c75f7bfaa8ec1c4d27597ae5686d9880c14c20f23f0a7b
Instruction Fuzzy Hash: A1510825614B804AD729CB3A89503B37BD3AF97320F5C969DD4D7D7A86CA3C94028714

Function 00BD6038 Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

C, xrefs: 00BD6132

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: a27f811335fec334df637056a318f2eaf0a03b08b1239a927684ae6e4beaeaf4
Instruction ID: a53c2246a051f499c5406d7e1872a3aaa105f80e314e8f8178f95afc7ea3c0a7
Opcode Fuzzy Hash: a27f811335fec334df637056a318f2eaf0a03b08b1239a927684ae6e4beaeaf4
Instruction Fuzzy Hash: 9E718BB3F102254BF3544D29CD983627693EBD5320F2F46788B886B7C5D93E6D0A9388

Function 00BE11D1 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

F?Ei, xrefs: 00BE1247

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: F?Ei
API String ID: 0-158079212
Opcode ID: 3294df478a42be1a1dfb59621106ccf7335ed9fa6efef33f16c53ddb35218e8a
Instruction ID: e00c2b7120c6442876e6e82d5c73d5752aea0fac234dd6798a8033dfbc2760b0
Opcode Fuzzy Hash: 3294df478a42be1a1dfb59621106ccf7335ed9fa6efef33f16c53ddb35218e8a
Instruction Fuzzy Hash: 3451F8F3D0D2009BF3046E39EC8476ABBE5EBD8720F16863DEAD893784D5355C058686

Function 00BE20FF Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

cTd, xrefs: 00BE2101

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: cTd
API String ID: 0-2845517995
Opcode ID: 183e79bd2c5a0e8022946b1128af581bf49b88f24d24544102af6d8f032ddf40
Instruction ID: 61f66cc12d12cb1ada3ee70f668ab5604a28c2996641e04bfc35309cab7d8998
Opcode Fuzzy Hash: 183e79bd2c5a0e8022946b1128af581bf49b88f24d24544102af6d8f032ddf40
Instruction Fuzzy Hash: 1051ADF3F201208BF3444928CC693627692DB99325F2F82788F5D6B7C5D97E6C095388

Function 00B11160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 00B1123B

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 901749d4caa68fca5ec9eb29b125caee317a80ec106459687bf856e1571a6e4b
Instruction ID: c2c4e12917560723f0047ec33d7cf924963036d799eb1c743d5d25081f6f7169
Opcode Fuzzy Hash: 901749d4caa68fca5ec9eb29b125caee317a80ec106459687bf856e1571a6e4b
Instruction Fuzzy Hash: 494120B1A053009BD7188F18DC56BBBBBE1FFD5314F488A5CE6955B3A0E335A844C782

Function 00AFC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 00AFD9F4

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: b07fc104ccc58fe1fae83a7a85410434cd2ad725e6cec72aa46cab7ff582d80b
Instruction ID: b8f7acee4458fce9167200ab6c3089cef8e809d26903bc7bf3059f96b8858057
Opcode Fuzzy Hash: b07fc104ccc58fe1fae83a7a85410434cd2ad725e6cec72aa46cab7ff582d80b
Instruction Fuzzy Hash: 7D41E3711046928FD7228F79C8507B2FBE2FF97310B189698D4E28B796CB34E845CB50

Function 00B10340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 00B103AD

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: e01ad709c9ef6450d99d828a4a222fca9f7ae80bf909951ccd8c5e236e88d288
Instruction ID: 42bafc81145813eb3cee647de6d16583128624f164b432dedec7f49c5d1d6817
Opcode Fuzzy Hash: e01ad709c9ef6450d99d828a4a222fca9f7ae80bf909951ccd8c5e236e88d288
Instruction Fuzzy Hash: 9031FF716083048BC314EF58D8C26AFBBF4EBC5324F54892CE69887390D7759988CB92

Function 00AFE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9fc410104670ada56725387654c163a6af9c30550e1ec6851685c16bcfe7fb
Instruction ID: 1081ba71fd0e945099caa0d429fe9a06db0744a22b8c7b5e0f35526e79f42e45
Opcode Fuzzy Hash: 9a9fc410104670ada56725387654c163a6af9c30550e1ec6851685c16bcfe7fb
Instruction Fuzzy Hash: EA62B4F1511B019FC3A1CF29C881793BBE9BB89350F64496EE5AED7311CB7069418F92

Function 00AD73D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 0ad0460643fed22380305d935fa584ef9eb1c74c12df29b1be24686007adb668
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: 2C229032A087118BC729DF18D9816AFB3E1EFC4315F19892ED9C697385E734A855CB82

Function 00BE711B Relevance: .6, Instructions: 561COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25c1eb799e15eb82c767d0c7902cce1c1a88617f0605fc68c30e18dd9448f0c8
Instruction ID: 700e1a1749ae46f26985d64c446caac330451c407f2c0f2fd46c51f0ca0e3413
Opcode Fuzzy Hash: 25c1eb799e15eb82c767d0c7902cce1c1a88617f0605fc68c30e18dd9448f0c8
Instruction Fuzzy Hash: 3C12DEF3F116244BF3444938DC59366B682DB94320F2F82399F99AB7C5EC7E9C0A4284

Function 00B351AC Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72cbd1129aaf2039af30b22c4ea0005aad629446383e1e80f588684be665e9fd
Instruction ID: 959ddaa871a2aaad160fb0a71814798245dd6cadf37afeb07dd342c40368066e
Opcode Fuzzy Hash: 72cbd1129aaf2039af30b22c4ea0005aad629446383e1e80f588684be665e9fd
Instruction Fuzzy Hash: 4402F2F3E106244BF3585939CD583A676C2DB94320F2F823D9B99A77C9E87E9D094284

Function 00B54055 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 299193c42391c879f4dc8eecf9176e00ea4ad111350b8af8bf1e76b281767630
Instruction ID: dab12ee30a3b0510e41a353ce5e641efc28e9c3522c2a823e899176d2dfa8447
Opcode Fuzzy Hash: 299193c42391c879f4dc8eecf9176e00ea4ad111350b8af8bf1e76b281767630
Instruction Fuzzy Hash: 3402DEF3E116244BF3544D79CC883A6B692EB94320F2F863C9E8CA77C4D97E5C094284

Function 00C330A1 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60e45a7eebd1d3bed7912a63a7a87cbdeb254c71aa54ffbc7e06bd35f170fe3d
Instruction ID: ef937bb921cab7dc29adf32a7780710d1053799aaa8a125a593766b3cb72e1a8
Opcode Fuzzy Hash: 60e45a7eebd1d3bed7912a63a7a87cbdeb254c71aa54ffbc7e06bd35f170fe3d
Instruction Fuzzy Hash: CC02BFF3F116204BF3544D29DC98366B692EB94320F2B863C8E9CAB7C4D97E5D098785

Function 00B37009 Relevance: .5, Instructions: 516COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6f84a4e0ef2c295ea24d8ffd9e27147191a9639cebaf85fc1c17b7be432efe
Instruction ID: 0c75c87ab2fc314d0191098c22bb2b9758302c8b26791362719dc13a62cd5d3a
Opcode Fuzzy Hash: 8c6f84a4e0ef2c295ea24d8ffd9e27147191a9639cebaf85fc1c17b7be432efe
Instruction Fuzzy Hash: C102C2F3E141244BF3545E29DC59366B692EB94320F2F863DDE88A77C4E93E9D098384

Function 00B5D1B9 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95321e702ba7f4fe42174d6071ec0894dcb8042fc32d3f7cdf5d0dd4132c3c9a
Instruction ID: 1b5266a1e39cc55fb0654d72e48e9321df7a0b8fe0c56519a8b7f097e1a0577c
Opcode Fuzzy Hash: 95321e702ba7f4fe42174d6071ec0894dcb8042fc32d3f7cdf5d0dd4132c3c9a
Instruction Fuzzy Hash: C1E1E1F3E151158BF3444E29DC583A6B792EBD4320F2B423DDA88977C4E93EAC098385

Function 00BC0377 Relevance: .4, Instructions: 414COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a1bfeca54ae42d5f4cfaf1eaf0dd58a7fa102e04de68b541cf63aff7669c5c
Instruction ID: 4884899c05b6a7f97eb16e760bc60f1cf6f99778f8511272287c2f80e9a5ecd5
Opcode Fuzzy Hash: 06a1bfeca54ae42d5f4cfaf1eaf0dd58a7fa102e04de68b541cf63aff7669c5c
Instruction Fuzzy Hash: 5BE179F7E5162547F3544878CD983A26683E7A1324F2F82788F6D6BBC9D87E5D0A02C4

Function 00B3120A Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e7550086d4e12639f50ff87f19a645f3c2faa933fb78772beb9b1e4afbd2822
Instruction ID: d6a5498d955a3c2f5fbab3168c1d2f9005c6af1bfad5b5483e4a7a003517bf0a
Opcode Fuzzy Hash: 2e7550086d4e12639f50ff87f19a645f3c2faa933fb78772beb9b1e4afbd2822
Instruction Fuzzy Hash: B7C146F7F506250BF3484878DDA83A26582D790325F2F82788F5DAB7C5D87E5D0A5388

Function 00B42147 Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a112c9818dd4466e19c5e918564276523118cba23185737a3231f7c2f3e60b4
Instruction ID: 658bc9acd549d384b930d9c49c5f79ca4103acc6c10b88451bc77b171c4b1195
Opcode Fuzzy Hash: 2a112c9818dd4466e19c5e918564276523118cba23185737a3231f7c2f3e60b4
Instruction Fuzzy Hash: 72C168B3F1162547F3944928CD993A26683DBD4320F2F81798F896BBCADC7E5D0A5284

Function 00C3A189 Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa4caa2e450befc86ef916045d1553ba57457d74713f065692e4e7c258f21244
Instruction ID: 96c52054aaff07d890a9f0dce60cc04e72574a513002ce381245177eefad0d09
Opcode Fuzzy Hash: aa4caa2e450befc86ef916045d1553ba57457d74713f065692e4e7c258f21244
Instruction Fuzzy Hash: D9C19CB3F115254BF3544D29CC983A26693DBE5324F2F82788E5CABBC9D87E5C0A5284

Function 00BD9107 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05ef5ad3510b92244716186ee17b87173d190b626193666b9d47ff297b19d32b
Instruction ID: 04ba4b4a50d58f05e8346d64f2b3498be864e1ea4312e5062081aaf78ac2d404
Opcode Fuzzy Hash: 05ef5ad3510b92244716186ee17b87173d190b626193666b9d47ff297b19d32b
Instruction Fuzzy Hash: 47C145F3F1122547F3544929DC983A26283DBE4315F2F81798F486B7C9E97E9C0A5388

Function 00B663D1 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c15dd2f8e062ed75df04593dfc8916241ae2d9eae112b129472aba8c716e12cb
Instruction ID: 0fd17d337d418cf4463347944f3f82718c816d047976bbabdde41526e7f67baf
Opcode Fuzzy Hash: c15dd2f8e062ed75df04593dfc8916241ae2d9eae112b129472aba8c716e12cb
Instruction Fuzzy Hash: F3C16BB3F502254BF3444968DC983A27653EB95324F2F81788F4CAB7C5D9BE9D0A9384

Function 00BE03BF Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa815db730d2b9e96c835e6d05394da36fa89ce9045a81cad03074e9fef68ef
Instruction ID: befc8d5a777683a74c379a7c247d8b939307cb84a37907bb9c17275a8bc174e6
Opcode Fuzzy Hash: baa815db730d2b9e96c835e6d05394da36fa89ce9045a81cad03074e9fef68ef
Instruction Fuzzy Hash: 5CC178F3F116254BF3484938CC6836266839B95325F2F82788F6D6B7C5E87E5D0A5384

Function 00BB3162 Relevance: .3, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7764686b498a51d826ecffe4da09251a1cca981f591405fdef8c01b7a86f0f23
Instruction ID: 13c8e2e577a447b3fe253c588d8d5f61b64b7fee361ca8c94385e00ca1739db2
Opcode Fuzzy Hash: 7764686b498a51d826ecffe4da09251a1cca981f591405fdef8c01b7a86f0f23
Instruction Fuzzy Hash: B0C158F3F215254BF3944938CD583A26683ABD0325F2F82788E9DAB7C4D87E9D095384

Function 00C001AE Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 555ae6be8eab036c4bdf91d69120fc8f059a0b24a6929dc236f8d9bddf01b2e2
Instruction ID: a6da1387503bd73a1d7da83be73d3367297f9a622ec5e1cb6260dbc2fb07bf94
Opcode Fuzzy Hash: 555ae6be8eab036c4bdf91d69120fc8f059a0b24a6929dc236f8d9bddf01b2e2
Instruction Fuzzy Hash: F7C18CF3F1122547F3444929CCA83A26683DBD1321F2F82799B59AB7C9DC7E9D0A5384

Function 00AEE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c16b457dc4840992a805142375a60200ac29c32793fea04d83ac721926e68c82
Instruction ID: 12ddf0356c9ccbbf8046a9a70fa359e3cf204b4d44ecae4a5c1a3e3e3f751a7a
Opcode Fuzzy Hash: c16b457dc4840992a805142375a60200ac29c32793fea04d83ac721926e68c82
Instruction Fuzzy Hash: 14B1C575504342AFD720DF25CD41B6ABBE2EFD4314F148A3DF898972A1EB32D9548B82

Function 00B782E0 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0003321b3108509592a67fc0589b38b20cd873d9b00062870cb95fe2abcbc6e
Instruction ID: 76d1ceb2808d370c15ee750a268ac7830de6c9b6f8277df54ce121266f413ded
Opcode Fuzzy Hash: d0003321b3108509592a67fc0589b38b20cd873d9b00062870cb95fe2abcbc6e
Instruction Fuzzy Hash: E1B158B3F5122547F3544878CD983A266839795324F2F82789F6CAB7C5D8BE9D0A43C8

Function 00B503A2 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f33577dee65fbc35061a91932db87068001843a43302590dc14400e845a33e24
Instruction ID: 336a275123bd042dee4f67d8b61c680c030c267df12cdb2f76a339b18befd59d
Opcode Fuzzy Hash: f33577dee65fbc35061a91932db87068001843a43302590dc14400e845a33e24
Instruction Fuzzy Hash: E5B1ACF3F1022547F3484939CCA83627683EBD4324F2E82788F59AB7C5D97E9D095288

Function 00C0E49A Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d81c103451d850a478a056977c5b8dfb489ce31bac119c75603773133ffcee
Instruction ID: cc0f4dbc87e930fbfb96f8731f53308b2e88923f38d321799beb372ff9cb70c5
Opcode Fuzzy Hash: 93d81c103451d850a478a056977c5b8dfb489ce31bac119c75603773133ffcee
Instruction Fuzzy Hash: 11B17AB3F5153107F3584878CDA83A666839794324F2F82798E1DABBC9DCBE5D0A42C4

Function 00B362F4 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a338f11b6a5628a63516b2eb50c01a017598045217c322825ab57baa1c347fbd
Instruction ID: b7557811e40fe6a0c3964c8ba9dcf20c8ac9191ef6d6f017e09d7f2aa68e41b7
Opcode Fuzzy Hash: a338f11b6a5628a63516b2eb50c01a017598045217c322825ab57baa1c347fbd
Instruction Fuzzy Hash: 32B1AAF7F116204BF3544979DD983A2668397E4324F2F82788F5CAB7C5D87E5C0A5284

Function 00B8C20E Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c1ed4b8432a1a29e38d3bff680ba7bd28048b0d19fa9ca5a5ac25ad99e58eab
Instruction ID: 5b9c694b7f5443ad2f1c4f94030711e1d7631a540bc567c9f4c4e805a7db5d07
Opcode Fuzzy Hash: 4c1ed4b8432a1a29e38d3bff680ba7bd28048b0d19fa9ca5a5ac25ad99e58eab
Instruction Fuzzy Hash: 2FB169F7F5162147F3944839DD583A265839BE5324F2F82788E5CABBC9DC7E4C0A5284

Function 00B7F031 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad4d01e0b84ad4b7cbcdcb9975a3076c6f5d46dd52beea87c640cb9eabae7ba
Instruction ID: e50055481e19cefb8159d8561dc96dca0c20722b2c739162108e2c9f50b63fa5
Opcode Fuzzy Hash: 9ad4d01e0b84ad4b7cbcdcb9975a3076c6f5d46dd52beea87c640cb9eabae7ba
Instruction Fuzzy Hash: DEB1CFF7F515210BF3484929DC993A22683DBD4315F2F81398B49AB7CADC7E9C0A5384

Function 00C1E19E Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0955acd2c2f5339757955cff5d773f8d3b725f0a98b2f5eaf49ce1ca1c95223
Instruction ID: 0eb3d19e1e27bb56e4b20fb6c008e8095a1d8b9b8a217488d866f4e4097d27a3
Opcode Fuzzy Hash: d0955acd2c2f5339757955cff5d773f8d3b725f0a98b2f5eaf49ce1ca1c95223
Instruction Fuzzy Hash: 58B17CF3F2162147F3984878CD9936265839795324F2F82788F6CAB7C5DC7E9D0A5284

Function 00BAF060 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5cee387bdbc1e9486d523c7d9340420b6697f7f6c1bea533bc0ed40f8d58f6
Instruction ID: 3e2ddf428443ca34978664c5a2986a72723e32e9fe2c1624efffa571ab6a5a3a
Opcode Fuzzy Hash: 7d5cee387bdbc1e9486d523c7d9340420b6697f7f6c1bea533bc0ed40f8d58f6
Instruction Fuzzy Hash: C3B17AF3F506254BF3544878DD983A22583D795324F2F82788F5CABBCAD87E9D0A5284

Function 00C102AC Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 137acaa25dbf014c835bd17213e965fce978733b0a4e19a415ade219302d95f9
Instruction ID: 832d201eb87150572a05d57f5b512ad82613943ec7ba4a73c4f83f61893a5260
Opcode Fuzzy Hash: 137acaa25dbf014c835bd17213e965fce978733b0a4e19a415ade219302d95f9
Instruction Fuzzy Hash: 07B199B3F1162507F3584868DD983A26183DBD4324F2F82388F5CABBC5D8BE9C4A5384

Function 00B7E20E Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d46410094f7707f548b56630705fb4fbe5e00aaa7019fafe7b2523747dac5bef
Instruction ID: 413c85ab88afa0cba2b117e8450ebd137b31d0f9dcb4789eeeea5e1ce94782b5
Opcode Fuzzy Hash: d46410094f7707f548b56630705fb4fbe5e00aaa7019fafe7b2523747dac5bef
Instruction Fuzzy Hash: A9B188F7F516254BF3544968DC98362B283AB94324F2F81788F4C6B7CAD97E5C0A52C8

Function 00B64168 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70c0a236f98ef444711353cb6005315c79b9212744f79621b8fae098f9000623
Instruction ID: 5ccf2c0fe35ed03a0d26950f5abcdd24cf2575467374e5a413f4b64bfc80f5f2
Opcode Fuzzy Hash: 70c0a236f98ef444711353cb6005315c79b9212744f79621b8fae098f9000623
Instruction Fuzzy Hash: FCB178B7F516250BF3844838DC983A266839BD4321F2F82788F59AB7C5EC7E5D0A5284

Function 00BB0309 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00091ed6f430cf3bb4dea8d529ab4f60ccae7f497536634cd9f20c57a7d05476
Instruction ID: 8b2e34a1b66f29e761e9e2b20d36b968154aa3e990c4b4f7d2c1552bdd67d6ec
Opcode Fuzzy Hash: 00091ed6f430cf3bb4dea8d529ab4f60ccae7f497536634cd9f20c57a7d05476
Instruction Fuzzy Hash: 50B148F7E516354BF39449B8CD9836266829B94324F2F82388F5C7BBC5D87E5C0A52C4

Function 00BFF257 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77093d213e14c8a5efec73e9f120547971006a92b84df9b44b06fa2af4f04515
Instruction ID: 21ad2fa0d08fecdbc0cb78fc782a2002847ef0a2f07a0c0e7944dbef0d87be23
Opcode Fuzzy Hash: 77093d213e14c8a5efec73e9f120547971006a92b84df9b44b06fa2af4f04515
Instruction Fuzzy Hash: 73B136F3F106254BF3544D29DCA8362A683AB94314F2F81788F4D6B7C9D97E5D0A5284

Function 00C26296 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c6c050af00e8782d99347e0eb36b0e476d4f29d2ee02531a19087d3cb7cbc1
Instruction ID: 875a2198b84f97d5d079b03658a7b11406cc9531b146ab120367d79f3c309d3d
Opcode Fuzzy Hash: 15c6c050af00e8782d99347e0eb36b0e476d4f29d2ee02531a19087d3cb7cbc1
Instruction Fuzzy Hash: 36B16CB3F111254BF3544939CD983A266839BD5320F2F82798B9C6BBC9DC7E5D0A5388

Function 00B9708E Relevance: .3, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db6aa9e6df5dbd2d017e79ed982d4f4efc2adff1bfeca0da8b5cb44bd710956a
Instruction ID: 09995116b85af7eda7185f000707f00396e2ead7ea812e6067ae6b42697fc0d4
Opcode Fuzzy Hash: db6aa9e6df5dbd2d017e79ed982d4f4efc2adff1bfeca0da8b5cb44bd710956a
Instruction Fuzzy Hash: B8B18BF7F5162547F3580878DD683622583DBA5324F2F82788F59AB7C6EC3E4C095284

Function 00B340D9 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5648dcc62475f235b9e48b542ef68660cce621d0be1b0fe202caffab7b54c73f
Instruction ID: 523a4bbbe63952d00a0d6bf2e348c8d8b8f5cce594fd8b8fe8447d1ddc03a982
Opcode Fuzzy Hash: 5648dcc62475f235b9e48b542ef68660cce621d0be1b0fe202caffab7b54c73f
Instruction Fuzzy Hash: 29A18AF3F115244BF3484939CD683A666839BD5324F2F82798F5DAB7C4D87E9C0A1284

Function 00B392BF Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec8641094e23ec39929913ce1e566285e9d2e4255b731b2784efe57328a1b0b2
Instruction ID: 38333a784c65bed86164c9653397610623423a2bbb29badb3f8b3b25aeb1d074
Opcode Fuzzy Hash: ec8641094e23ec39929913ce1e566285e9d2e4255b731b2784efe57328a1b0b2
Instruction Fuzzy Hash: F1A164F3F616254BF3844879CD983A26583A7D4324F2F82788B9D6B7C5DCBE4D0A1284

Function 00AD6160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 2ea8ca9704aeba26c8c7150821f361e3fc891342171260dea3e0983e149f58bb
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: 59C14AB29487418FC360CF68DC86BABB7E1BB85318F08492DD1DAC6342E778A155CB46

Function 00BF4476 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1159b53c804adc4a64b83122613c5bbba86c0e01027f4e20a530da6d41d53f74
Instruction ID: ed90cedcd8a3c4328caaef5ebc188016a5807b6e25dbe45ac24e7892176f2e84
Opcode Fuzzy Hash: 1159b53c804adc4a64b83122613c5bbba86c0e01027f4e20a530da6d41d53f74
Instruction Fuzzy Hash: 1FA17CB3F2162547F3544C39DD983626683DBE5320F2F82794F68AB7C5D8BE9C0A0284

Function 00B43160 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b922f2ed7a85b6bd252005c6adf2064fd06f22b33a00540a2b66ea6e14c107d7
Instruction ID: b57ce45ccf1c2ee1e2b5673582fb10c5e8b53950ab0dc680957113229b1acf66
Opcode Fuzzy Hash: b922f2ed7a85b6bd252005c6adf2064fd06f22b33a00540a2b66ea6e14c107d7
Instruction Fuzzy Hash: 9BA167B3F116254BF3404939CC583A26683ABD0324F3F82788F5CAB7C5D97E9D0A5284

Function 00B5525A Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be64d92f4a993f22f77e3834e662066b79e88820d3f6786178be8e62d0a1e42
Instruction ID: ea8fde7b644d3d2a89e2b170ab864ac08caa6fdc82a6f64ad4477e07d62eabc4
Opcode Fuzzy Hash: 8be64d92f4a993f22f77e3834e662066b79e88820d3f6786178be8e62d0a1e42
Instruction Fuzzy Hash: 5FA199B3E1022547F3584929CCA83627693EBD4321F2F82798F4D6BBC9DD7E5D065284

Function 00B3D2D0 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dde25d4c6fe65fa05b40498811c483969115a1ba2d1ef1d1722354687a090ca
Instruction ID: aa889fa63d7803f605fbfa5675c86bcd928c5ac9f09f6ee4108c0c74c12aae84
Opcode Fuzzy Hash: 2dde25d4c6fe65fa05b40498811c483969115a1ba2d1ef1d1722354687a090ca
Instruction Fuzzy Hash: 8EA187F3F116254BF3584968CD983A26683DB94320F2F82798F986B7C6DD7E5C095384

Function 00C01018 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e4a15893553d637c934bcb5cafcfd7b7e77e50cb1b65226ceb9d882a6e1b46
Instruction ID: e07e66afbaa83ddda7a3dc5095b7788320d25849b154dfd125811ef9620bfc1f
Opcode Fuzzy Hash: b2e4a15893553d637c934bcb5cafcfd7b7e77e50cb1b65226ceb9d882a6e1b46
Instruction Fuzzy Hash: 5CA18CF7F1162147F3484828CD9936266439BE5324F2F82388F5DAB7C6DD7E9D0A5284

Function 00B6C386 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9785a691577f6987713ac756e0e7de12a1bda284d52498935f39678fc4b496c5
Instruction ID: 5feb991ac7fed26c67e3fb0536a6e9eb4da2e956bae42e5c1f78e3455c596c44
Opcode Fuzzy Hash: 9785a691577f6987713ac756e0e7de12a1bda284d52498935f39678fc4b496c5
Instruction Fuzzy Hash: 5CA14AF3F2062547F3548938CD583626582DB94321F2F82798F9DABBC9DC7E9D095288

Function 00BF1202 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 403e215fc7597b005dd6402e4101be3e911537d09d2e58a92c27dc4f452a58d5
Instruction ID: 41ece3d25cd62e1292bec41c744ced40deeacff90948ba974712188cd9468926
Opcode Fuzzy Hash: 403e215fc7597b005dd6402e4101be3e911537d09d2e58a92c27dc4f452a58d5
Instruction Fuzzy Hash: 35A189F3F1062547F3584838DC9836266839B95324F2F82788F9CAB7C5D97E9D095388

Function 00BBD19E Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9e8d61824f784dc6b90391bfbef6327dabf4ba3d5df40f141d955133208ab35
Instruction ID: b5033cbf2d9e263eff792428aeb0e85b1877f4413b4a67935d922a28547a2dc2
Opcode Fuzzy Hash: d9e8d61824f784dc6b90391bfbef6327dabf4ba3d5df40f141d955133208ab35
Instruction Fuzzy Hash: 5EA16AF7F2062547F3584869DC583626583E7A0321F2F82788E9DAB7C6D87E9D0A5384

Function 00BBA3F9 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa17bfb471caa54f005572c153616b4e490345a769988b9aeb3de0fe56135984
Instruction ID: 06f3bcd19488ca941005a2e3c4ed6b0f818f6f1f6f2728881be73931d151ad66
Opcode Fuzzy Hash: fa17bfb471caa54f005572c153616b4e490345a769988b9aeb3de0fe56135984
Instruction Fuzzy Hash: D9A19BF7F2162547F3544938DC983A26283EBA4324F2F82788E58AB7C5DD7E9D095384

Function 00B8443F Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e486f3fbbc1aad8fc303a12c87301781b964ca7a7918b7d6deca3681c0f5c2
Instruction ID: 7d904e4c9e92148869be05ea5851b5b417c1eb03c5e2eb69c5251224a0f1a815
Opcode Fuzzy Hash: 68e486f3fbbc1aad8fc303a12c87301781b964ca7a7918b7d6deca3681c0f5c2
Instruction Fuzzy Hash: 1BA18BB3F516244BF3584868CCA83626583DBD4320F2E827D8F59AB7C9DCBE9D095284

Function 00B93009 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8c1aec02815a65297176df779db2737bebf0934c6af2bda0487077823341964
Instruction ID: f3dfe78aa430a4e6e01871e54a375976267d00423c2ecdd3ee9725fc6e7e10a2
Opcode Fuzzy Hash: c8c1aec02815a65297176df779db2737bebf0934c6af2bda0487077823341964
Instruction Fuzzy Hash: E7A1ABB3F502254BF3544968DCA83A27692EB95320F2F42788F1CAB7C5D9BE5D0A53C4

Function 00C304DA Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78eaf3eaebc4d0197acd65492a4bf893040fa4bc253d9d6c86d944e16754935a
Instruction ID: 760ddd81b940a7519f51b900bfc6fe69f6b81486542f3a3fb8910e704d3a030a
Opcode Fuzzy Hash: 78eaf3eaebc4d0197acd65492a4bf893040fa4bc253d9d6c86d944e16754935a
Instruction Fuzzy Hash: B1A17AB7F212244BF3444928DCA83A23683DB95325F2F417C8F596B7C5D97E6D0A5388

Function 00C311EC Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eec0a56b6d76faad55242bfd9c0876b736ed9968eec55b4ee08368fb98311915
Instruction ID: 446b34c81010d16f3d7d1a052da8b9410f46b6a02a1a88f5a549c4711e9d0878
Opcode Fuzzy Hash: eec0a56b6d76faad55242bfd9c0876b736ed9968eec55b4ee08368fb98311915
Instruction Fuzzy Hash: 5DA16BF3F116250BF3984878CC593A26583DB95310F2F82798F5DABBC5D87E9D0A5284

Function 00B7A17D Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e82b2791fa2d4af1822a565bd5328dc01d97152240bdac74f8606f663d05fab
Instruction ID: f0ada5f8bd08186a94413ac6d28916004831137e28309637a67cca648c505676
Opcode Fuzzy Hash: 0e82b2791fa2d4af1822a565bd5328dc01d97152240bdac74f8606f663d05fab
Instruction Fuzzy Hash: 6DA16AF3F115244BF3544969CCA83A276839BD4324F2F82788F9D6B7C5D97E5C0A5288

Function 00C140EA Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bae90a2e34bd42811a0ffff2a09833d7126f73a223549232b6941a64d566dca4
Instruction ID: b1858ce25971f5f43eb22512e3bda5e74891051d9eedf74307653e3c9f87cd5f
Opcode Fuzzy Hash: bae90a2e34bd42811a0ffff2a09833d7126f73a223549232b6941a64d566dca4
Instruction Fuzzy Hash: C2A166F7F116244BF3544929CC983A26683A7D4324F2F82788FAC6B7C6D87E5D4A5284

Function 00BFB171 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c14d298584d0a3bf0f518d82b8f2601417b3c27bc2985ee2b669db0b1a8f2dc9
Instruction ID: 7c06ffd5af9e4c93a65d1de64f94377a55acb43a5d568ec6345f131879c2e345
Opcode Fuzzy Hash: c14d298584d0a3bf0f518d82b8f2601417b3c27bc2985ee2b669db0b1a8f2dc9
Instruction Fuzzy Hash: 70A18CB3F5112447F3944C38CD993A26683DBD5324F2F827C8E99AB7C5D87E9D0A5284

Function 00BE23BD Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76952bf0f797c1f48c5044e73b4480671af9a07f6dc10d743bcba97243388ed
Instruction ID: 6db17723d542fc643ae56cb728c9d5c3a04a877e11571fa5ccaec874444e1991
Opcode Fuzzy Hash: c76952bf0f797c1f48c5044e73b4480671af9a07f6dc10d743bcba97243388ed
Instruction Fuzzy Hash: E2A19BB3F102254BF3540978DDA83627692EBA5324F2F827C8E8D6B7C5D97E6C095384

Function 00B7C476 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d08692f55d01270a5d0f9f853616ad005f890ea6e42eaf4410688c15085406
Instruction ID: ecaced0d188a118813ea1dcc646840b98157a3a0a47b1a1d871f47a5475cc49f
Opcode Fuzzy Hash: 14d08692f55d01270a5d0f9f853616ad005f890ea6e42eaf4410688c15085406
Instruction Fuzzy Hash: E2A19DF7F516154BF3444938CC683A22683E7D5325F2F82788A686BBC9DC7E9D0A5384

Function 00BEE210 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b6bc624282317d11ac0ac41a1a580ab4d0205650fb1ec1f85951a2c13b4f9b
Instruction ID: 1fd9ab0e0d096e6c5c567a1183b1d56c57431b2f9c3ee8fbd6a636217e0fed17
Opcode Fuzzy Hash: c2b6bc624282317d11ac0ac41a1a580ab4d0205650fb1ec1f85951a2c13b4f9b
Instruction Fuzzy Hash: CAA18CF3F516254BF3484928CC983A26683EBD5324F3F82788F59AB7C5D97E5C065284

Function 00BD2396 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d887ccdacedc6b9f59f11f05796b8a4ca8532b4ab9cc3f4675b691bb815217d9
Instruction ID: 2af2aeba3c50f484db407d5d444decf2f0f75bd0686c9672cb4cf9375e395ba1
Opcode Fuzzy Hash: d887ccdacedc6b9f59f11f05796b8a4ca8532b4ab9cc3f4675b691bb815217d9
Instruction Fuzzy Hash: 62A199F7F1162547F3444928DC983A17683ABE4320F2F42788B5DAB7C6E97E9C0A5384

Function 00B65180 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd7bc91ef7089cf4d660868b5e490f2d065c2674003e80346881929d8d45591
Instruction ID: 13e098463aee9697443002625f76359837816742e6e4a79bdcf8617fad895406
Opcode Fuzzy Hash: 6fd7bc91ef7089cf4d660868b5e490f2d065c2674003e80346881929d8d45591
Instruction Fuzzy Hash: B7A1BEF7F506254BF3104E68CC983A27692EB95320F2F42788F48AB7C5D97E5D09A384

Function 00C233C8 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1592e99afed0c7804a8ea4bb7c4d40cbe792cc68b023c90b320fdce7c1b65802
Instruction ID: 0c8b58274dcb49bd635d82b8670cb6e3c7cf1f8831cf3149fa86ce7dc21b71ab
Opcode Fuzzy Hash: 1592e99afed0c7804a8ea4bb7c4d40cbe792cc68b023c90b320fdce7c1b65802
Instruction Fuzzy Hash: 20A188B3F1122447F3944D29DC693627683EB95324F2F82788A99AB3C5DD7E9D0A4384

Function 00B79073 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d0e1f55a25a4233e1638100ea29687a52eef678dfdb561883ee0dd0fb598df
Instruction ID: 1361c4b425e0064f63655a542f481725420346ba2867568aaf8536804d61254d
Opcode Fuzzy Hash: a3d0e1f55a25a4233e1638100ea29687a52eef678dfdb561883ee0dd0fb598df
Instruction Fuzzy Hash: 46A19BB3F116244BF3544928CC993A27682DBA5321F2F82B98E9CAB7C5D87E5C095384

Function 00B6925C Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f32dc35cfb32b240b827a3c0df439f719acdd562a55dab1489122e155c9d79b
Instruction ID: 5bdc950783f8db76259b47114c0d0cf7b925748cb4e1484a7ed917cc89a5ac06
Opcode Fuzzy Hash: 3f32dc35cfb32b240b827a3c0df439f719acdd562a55dab1489122e155c9d79b
Instruction Fuzzy Hash: 12A1B1B3F102148BF3544E29CC953627293EB95324F2F82788F98AB7C5D97E9C095784

Function 00BFC40A Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1f7d512122fc1658c1c6fdbb95d18992e5ef3632f506dd9cd0eb021bb1ef0b5
Instruction ID: 64eadce0aaf12503217e3f33fcc4e730a92c42eeb9729c650476f8a440e30831
Opcode Fuzzy Hash: a1f7d512122fc1658c1c6fdbb95d18992e5ef3632f506dd9cd0eb021bb1ef0b5
Instruction Fuzzy Hash: AE9156B3F2162147F3944928CC58362B683EBD4324F2F82788F59AB7C5D97E9D1A5384

Function 00BC612C Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43744d7a916f4e03e4cbdf9a9788f23a48149dd7b3cf448643fca567f52b2f66
Instruction ID: b6621f7f7e822d0f5e482a1f3b86471c6f5926f32eb978d28f27dfc3db38b436
Opcode Fuzzy Hash: 43744d7a916f4e03e4cbdf9a9788f23a48149dd7b3cf448643fca567f52b2f66
Instruction Fuzzy Hash: A09188F3F1162607F3548878CDA936265839BA1314F2F82788F59ABBC9DC7D5D0A52C4

Function 00B3C2AC Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e206e0a6cf4fe86715050bf360be5936588a66fb0e59f6c34cf664291b269c33
Instruction ID: f13bc762ea132a256dd65f97fba89bb505ffb5f0fe041afe8806f578048c19a8
Opcode Fuzzy Hash: e206e0a6cf4fe86715050bf360be5936588a66fb0e59f6c34cf664291b269c33
Instruction Fuzzy Hash: 5F9179F3F1162447F3544C38CD983A266839795324F2F83788EACAB7C9D87E9D0A5284

Function 00B8B39F Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37093337629972e87d04b8c7d8d96cef86a1cc1d18c6b9b0595cc4c52d808a1a
Instruction ID: 33c1c3b82c1fe9cad0983099b6f4db4d74fc1b5f48a44ceaeaf98cd6232d7126
Opcode Fuzzy Hash: 37093337629972e87d04b8c7d8d96cef86a1cc1d18c6b9b0595cc4c52d808a1a
Instruction Fuzzy Hash: 689147B7E1112587F3504A29CC58352B693AB94324F2F82788E9C7B7C9DA7F6D4683C4

Function 00B443CB Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8bc91de5d6fcad9a160b95ec2c034e28524b45a3a4296a93a7fa0046ddb07f5
Instruction ID: 6a9194b3f518e7a47ee767e5114849f6014ec5a7a70d870e93c7bc690074b68e
Opcode Fuzzy Hash: d8bc91de5d6fcad9a160b95ec2c034e28524b45a3a4296a93a7fa0046ddb07f5
Instruction Fuzzy Hash: AF9148F3F516254BF3544869CC983A265839BE4314F2F82788F8CAB7C9D87E9D0A5384

Function 00B811ED Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffc86d5074b6de6ed113bf73fdcd21d20271971bbb12e969eb9da2c82f167d72
Instruction ID: b84e610789918d2c08046c70d95006127d4020bea984c3bbc71d89c1f21df081
Opcode Fuzzy Hash: ffc86d5074b6de6ed113bf73fdcd21d20271971bbb12e969eb9da2c82f167d72
Instruction Fuzzy Hash: B89178F3F1162547F3880868DCA83666682DBA4320F2F427C8F69AB7C5DC7E5C091388

Function 00BFA2EE Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c466548b5933df3e53b96df2cad3dd43f79f0b1b0f19dbf7af1de8d3a59af54
Instruction ID: 032d95206f94b067f5c84c3f7c6e641bf759213a33bb0b800d53eb95faa6f06e
Opcode Fuzzy Hash: 5c466548b5933df3e53b96df2cad3dd43f79f0b1b0f19dbf7af1de8d3a59af54
Instruction Fuzzy Hash: C6916AB7F1021647F3484D39CD98362B683EB95314F2F82788B89AB7C9D97E9D095384

Function 00BE4361 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d771693e6d658c57c4f7e2eabbbbb97f99a918164430c09633b61727dfa753fe
Instruction ID: 2060489b113f53ea37d80e32506348ba507056f0976a67bc747031ec34c78641
Opcode Fuzzy Hash: d771693e6d658c57c4f7e2eabbbbb97f99a918164430c09633b61727dfa753fe
Instruction Fuzzy Hash: 85919CF7F206254BF7444D78CDA83623282DB95314F1E82789F59AB7C5D8BE9C095388

Function 00C0E05D Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e09d8595733bce3b628020d98e719bcfbded9f883ce8dd2de6d65031f425bf7
Instruction ID: d7b2248de257094c043597d43d295eb57710ecff7db692ed110a0df51eab6370
Opcode Fuzzy Hash: 0e09d8595733bce3b628020d98e719bcfbded9f883ce8dd2de6d65031f425bf7
Instruction Fuzzy Hash: 53917CF3F6152507F7544838DC583A266839BE0324F2F827C8A49AB7C6DD7E9C095384

Function 00BE51EB Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52030ae8407a7bbb1673fddf0533fbe3bd097a8cd7af084897828f05406b4e3f
Instruction ID: d68b643e535573e72768186f81c1af26554cf3c1768cb36fe6d5218974d5e533
Opcode Fuzzy Hash: 52030ae8407a7bbb1673fddf0533fbe3bd097a8cd7af084897828f05406b4e3f
Instruction Fuzzy Hash: AD91ABF3F516254BF3584968CCA83A26283DBE4324F2F82388F586B7C5E97E5C065284

Function 00C0B15E Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64bf0ff5d09b03a317390c43094be725c997c203f6e1d4b39f8680bd78434afe
Instruction ID: 9aed798f15c4c794be85d9471e119779f884dd4f7b79a39237c8df0ba51821e6
Opcode Fuzzy Hash: 64bf0ff5d09b03a317390c43094be725c997c203f6e1d4b39f8680bd78434afe
Instruction Fuzzy Hash: 22919AF7F1162547F3544924CC983A26283DBA0324F2F81788F4C6B7C6E87E9D065388

Function 00BF6344 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d803613047fc2e57459232dc52ad08dc3656fbeb5f5eeec6594ec5fca43ae47
Instruction ID: 1ca9b9173080a8793f1bce88942432e3146fb1997574707c242f209516d09e1e
Opcode Fuzzy Hash: 1d803613047fc2e57459232dc52ad08dc3656fbeb5f5eeec6594ec5fca43ae47
Instruction Fuzzy Hash: 059179B7F1122507F3544978CC9836266839B94724F2F82398F4C6B7C9E97E5D0A43C4

Function 00C30094 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8dd98f1f05b73524cb07c04f5934e20e658af6f7e9139ab88ff549c9915523
Instruction ID: 6aebb3954b531c0821efc42d3e3cadb48202557e4c368d3c319aadec9a456128
Opcode Fuzzy Hash: fc8dd98f1f05b73524cb07c04f5934e20e658af6f7e9139ab88ff549c9915523
Instruction Fuzzy Hash: CF91BFB3F116254BF3544938DC583A22683DBD4324F2F82788E89AB7C9DC7E5D0A5384

Function 00BA0153 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a744527bf856178de7605ed9fd261bdc5965481b4c8b4a32616bf1a288a97b7
Instruction ID: ddfb91fa061a0078a686df293b93db44fb7cf513f61e5f31068eb0020b50a335
Opcode Fuzzy Hash: 4a744527bf856178de7605ed9fd261bdc5965481b4c8b4a32616bf1a288a97b7
Instruction Fuzzy Hash: 9B917CF3F116254BF3444D28DC983627293EB95324F2F82788A58AB7C5ED7E9C0A5384

Function 00B63220 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b3e7b72dbe89d0e8e9b1387c4d9dc1e09a0f5057324be60a66bb7ad22dd72c8
Instruction ID: 41f33c527003b7a86cb433cffa0b48f51fdde7e6b264699bfb02101159def098
Opcode Fuzzy Hash: 8b3e7b72dbe89d0e8e9b1387c4d9dc1e09a0f5057324be60a66bb7ad22dd72c8
Instruction Fuzzy Hash: C1919CB3F1062647F3584D68CDA83B27682EB94310F2F42388F496B7C5D97EAD095388

Function 00B864F4 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9706fd98d7754e3fa53022e9bc3e20aa0164df05a644936e2c96e7eb8de4853
Instruction ID: 8fc92b395844e3cdcaed8fd6c0917265fa28169f0acd117a07f5a51584cad928
Opcode Fuzzy Hash: c9706fd98d7754e3fa53022e9bc3e20aa0164df05a644936e2c96e7eb8de4853
Instruction Fuzzy Hash: 9F917BF7F506250BF3544839CD583A269839BD0324F2F82398E9D6B7C9EC7E5D0A5284

Function 00BEC4EC Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 423e3e7890096710652f21b485652f972a6682b233cde5931eeeac549d0d7069
Instruction ID: 2b20b1b16d816bfee4b287b4d0814dad2766cb45051f2fc410fa7616e08db7f0
Opcode Fuzzy Hash: 423e3e7890096710652f21b485652f972a6682b233cde5931eeeac549d0d7069
Instruction Fuzzy Hash: F2916CB3F1112107F3544939CD983A26683EBD4314F2F82798F49ABBC9DD7E9D0A5284

Function 00AF04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: b34b1954c542cfc5ad55c038b02fb9ae958100b22900a51a8fcbc35cc871b7b7
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 5EB16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 00B5E213 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b6d4645418dea1e0fb606b804b13e49079b67c7aa864376bc72165d70ddcff
Instruction ID: e62c562a237df32be137fc429f59aee77da2f30eeb665c89f71b3b73d497f905
Opcode Fuzzy Hash: 61b6d4645418dea1e0fb606b804b13e49079b67c7aa864376bc72165d70ddcff
Instruction Fuzzy Hash: 3B916EB3F1162447F3484939DDA83A22283EBD5314F2F82788B995B7C9ED7E5D0A5384

Function 00B7C03D Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce9f14726eb0cdc6fffbce6003b7aadd4bb1bb69e53ce245e791e06bb501b2a
Instruction ID: 7bb8ea0b52c581d67311e346a942bcfc09b31018d4f897aaf68695719c2e16cc
Opcode Fuzzy Hash: 3ce9f14726eb0cdc6fffbce6003b7aadd4bb1bb69e53ce245e791e06bb501b2a
Instruction Fuzzy Hash: 73918CF7F112254BF3444929CD983623693EBD1315F2F82788B996BBC9D87E9D0A4384

Function 00B9B18B Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 102c6a1846f86b995d8ce194bd74a16618f20bf5932bf9f9eb774d1d49a2669b
Instruction ID: eb9cbd97fa7315e574b369011d93c50642df3a6d57e885705da9d56999fe134b
Opcode Fuzzy Hash: 102c6a1846f86b995d8ce194bd74a16618f20bf5932bf9f9eb774d1d49a2669b
Instruction Fuzzy Hash: BA915AF3F1162547F3444D28CC583627293E7A5321F2F82788B586BBC9E97E9D4A5384

Function 00B7320C Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf0ae433d1d23f2b6cfe8be1cb4f6f7df36b7fc33ad17c313eb3a4ef448950f
Instruction ID: 4be9b98b0d1a28868e087cad77da5796256bf54c02a37c1907572b6108267d9d
Opcode Fuzzy Hash: 6bf0ae433d1d23f2b6cfe8be1cb4f6f7df36b7fc33ad17c313eb3a4ef448950f
Instruction Fuzzy Hash: EA9178B7E1022547F3544D38CDA83A266829BA4324F2F42788F5C6B7C5E97F6D0953C4

Function 00B96363 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99e94ae13d4a31d69d11efd8387eeafbf22cc8da6bb767d039be14115b7c8fb
Instruction ID: 79c49798b448e927991e7047cd8ca79a0422b7bee272bf17ea323e4a541490e2
Opcode Fuzzy Hash: d99e94ae13d4a31d69d11efd8387eeafbf22cc8da6bb767d039be14115b7c8fb
Instruction Fuzzy Hash: 3C919FF3F5162547F3444D28DC983616283DBD0324F2F81788B596B7C9D97E5D0A5388

Function 00B59100 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b02901252a9d177032ab0d65a5332dae29a6176ade762b24a1b0cd14473391
Instruction ID: d87c10fff5fecb42f999e24c5ca0f3b2c50ce1167f50c21040f23969ecb8a1bc
Opcode Fuzzy Hash: d0b02901252a9d177032ab0d65a5332dae29a6176ade762b24a1b0cd14473391
Instruction Fuzzy Hash: 149189B3E2162547F3544879CD9836266839BA4320F2F82388F5CAB7C5DDBE9D0A52C4

Function 00C1803A Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cabc2f6e5a2af0aba5cffe4d7d1668c28fdf347538fa104f3178b70ca51e99c2
Instruction ID: 476f06744f6b87d02f788747f291ded2a3219292dc99d87029ea212ed91c7f9a
Opcode Fuzzy Hash: cabc2f6e5a2af0aba5cffe4d7d1668c28fdf347538fa104f3178b70ca51e99c2
Instruction Fuzzy Hash: 65918CF3F112254BF3544D28CC983A27283EBE5321F2F81798A986B7C9D97E5D4A5384

Function 00C191F8 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2d4d62ba89c10035f6b70a811f59706cb740538f95b3946471500fb72415295
Instruction ID: 6b05484a7abd9084140586c497151c480bd1b2e2cd6bd797af400066e8d49e74
Opcode Fuzzy Hash: d2d4d62ba89c10035f6b70a811f59706cb740538f95b3946471500fb72415295
Instruction Fuzzy Hash: F591ACF7F516254BF3444928CC683A22283DBD5315F2F817C8F59AB7D9D87E6C0A5288

Function 00C1B1B5 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ffe1ba8aa31e5ad82fe61fb75e030ccc41dce430947a74cb043ceb32174a70
Instruction ID: 42a89671265b4a43d15505372dd70090ec8941b0f570611aafb26f690b6fdf0c
Opcode Fuzzy Hash: 39ffe1ba8aa31e5ad82fe61fb75e030ccc41dce430947a74cb043ceb32174a70
Instruction Fuzzy Hash: E29184F7F1162547F3404929CC983626683ABD9321F2F82788F586B7C9E8BE5C4A5284

Function 00C212CF Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2017cf48b37da3109a85a983d26caa56535efc4e0f6a09390d17057941a25a37
Instruction ID: 663375a4814cb7d6748aedd4200f4c8b7bdefb19e57d7ed2eb202992303e4406
Opcode Fuzzy Hash: 2017cf48b37da3109a85a983d26caa56535efc4e0f6a09390d17057941a25a37
Instruction Fuzzy Hash: B591BAB3F012254BF3544929DCA83A27283ABE5325F3F42788E8C6B7C5E97E5D065384

Function 00B10460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 64d7588790887963506ef71304cde2b5ea2d7a61267cce2e1abd489dba20d95a
Instruction ID: 591e97ead61120ca7265f47a3b901b033bbcb6526f2888ea9d48b937b007ae94
Opcode Fuzzy Hash: 64d7588790887963506ef71304cde2b5ea2d7a61267cce2e1abd489dba20d95a
Instruction Fuzzy Hash: 806146356183019BD714AF18C8906BFB7E2EBD4720F59C5ACE9858B2A1EB70DCD1D782

Function 00C08161 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8166e9120c25ab48b7a5a689acad46fe3599250ac810b0d9a8dbcaa5e4c73311
Instruction ID: d11ffc8c8f7ae81443983634a4d8df5c4b667e0a38a288f4ba0e2bcd48e42dda
Opcode Fuzzy Hash: 8166e9120c25ab48b7a5a689acad46fe3599250ac810b0d9a8dbcaa5e4c73311
Instruction Fuzzy Hash: F2817AB3F111244BF3544E28DC983A27693AB95320F2F82788E9CAB7C5D97E5D0A53C4

Function 00B6815D Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30266f8cfb119021e5baff443bc671c3c368c132e4ff1e5b3a5ea105fbab877
Instruction ID: 631d87bc78094a95db4d2d22fc5dd552b31943912112e00acb37d577d36139f4
Opcode Fuzzy Hash: a30266f8cfb119021e5baff443bc671c3c368c132e4ff1e5b3a5ea105fbab877
Instruction Fuzzy Hash: BF8199F7F1162547F3440928DC983A16283D7E5324F2F82398F296B7CAEC7E5C0A5284

Function 00C2E497 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f81030564958e1e44ae93f6d51a6b0b0ebbd0c45070d2bf53f0a991dda37aea
Instruction ID: ea1b6dcacb50778b99f98500f6e0b92f5ab7fec943a5af8d98fd0a39d92f4e0a
Opcode Fuzzy Hash: 8f81030564958e1e44ae93f6d51a6b0b0ebbd0c45070d2bf53f0a991dda37aea
Instruction Fuzzy Hash: 34815AB7E1112547F3644E29DC983A17693DBD4320F2F82788E8C6B7C5E97E5D0A5388

Function 00BC8477 Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea03386e4138014c08b77bc05bac6dab7b0013e5d7ed3160e2cff54639849824
Instruction ID: d894bd820d1c487993274071b6d683c1ef733b09eda4abc4221e5ed32801dd35
Opcode Fuzzy Hash: ea03386e4138014c08b77bc05bac6dab7b0013e5d7ed3160e2cff54639849824
Instruction Fuzzy Hash: 638168B3F102258BF3544E68CCA83627692DB95324F2F42788F5CAB7C1D97E6C065388

Function 00C15181 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 695da999111977d3ff4276f992e2f0a69eda6398443c6013d18fde2447c4dc19
Instruction ID: dc538bb53f7afd557f2be77fe00601fe8deb5ff049e830a204aa782fb9964758
Opcode Fuzzy Hash: 695da999111977d3ff4276f992e2f0a69eda6398443c6013d18fde2447c4dc19
Instruction Fuzzy Hash: 039188F7F5162547F3544828CCA83A27282DB95315F2F81788F89AB7CAD87E9C0A53C4

Function 00B8D16C Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f326b005c56d7df23f919b99161da09835625ebb28e05171d54433f997abdc17
Instruction ID: 836a8fd77b88a14fc07bd19391842524cbfe99e163c9b917b1b9981e266a17ec
Opcode Fuzzy Hash: f326b005c56d7df23f919b99161da09835625ebb28e05171d54433f997abdc17
Instruction Fuzzy Hash: 358178F7E116344BF3544D28DC983A2B6829B95324F2F82788EAC6B7C5E93E5D0953C4

Function 00BAC390 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc1252cc1ca155a15250211f459a105db4b4cfe519f84c4087632b2e077dd09d
Instruction ID: 120732b4d20d7bd05f8006402c518c59e18d1480951ea5687b5d047f5256d0a4
Opcode Fuzzy Hash: fc1252cc1ca155a15250211f459a105db4b4cfe519f84c4087632b2e077dd09d
Instruction Fuzzy Hash: A6817AB3F011254BF3544D29CC98362A6839BD5324F3F82788E58AB7C5D97E6C1A5384

Function 00B8E231 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae2653adf61f3697d097b70b67679081828bdde79a5e345ecdb1c0fdd562204
Instruction ID: bf62dfff103ebfa4b5798625f9ef486530862cf9c969c85be52895019af49c7c
Opcode Fuzzy Hash: 6ae2653adf61f3697d097b70b67679081828bdde79a5e345ecdb1c0fdd562204
Instruction Fuzzy Hash: B8817CB7F1122447F3544E29DC983A27693DBD5311F2F82788E886B7C5D93E6D0A5388

Function 00C2823E Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392c371e68d8c44362a4a34d0f134fe7cb34aa25c271eed532da69508c908d65
Instruction ID: 165369e2cb6b443c425adb605dc594b519b62310977bb90c482fb4b46d92b0d4
Opcode Fuzzy Hash: 392c371e68d8c44362a4a34d0f134fe7cb34aa25c271eed532da69508c908d65
Instruction Fuzzy Hash: 1D817BB3F012254BF3144E29DCA83617693DB99310F2F82788F496B7D9E97E5C0A9384

Function 00BD7026 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42959a0b22e4cf5c24d52ad60a3a98949d2b6aef82447233b0e83dd592a20b92
Instruction ID: dfafa126f64daeb7950aded331408606bb3049114f139013d98af7a6c8ed710d
Opcode Fuzzy Hash: 42959a0b22e4cf5c24d52ad60a3a98949d2b6aef82447233b0e83dd592a20b92
Instruction Fuzzy Hash: BC81AAB7E1022547F3944D64CC983A26282EB95324F2F82798F5C6B7C5D97E6C4953C4

Function 00BB52FD Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75760dfd377bd06fa602ead119ec51517dee54b80a90c8da2f75e4c42660590c
Instruction ID: 0e860e2c36999cb4915be3482f11b730437ab4d69f649bc4641cd858e9e8cdd5
Opcode Fuzzy Hash: 75760dfd377bd06fa602ead119ec51517dee54b80a90c8da2f75e4c42660590c
Instruction Fuzzy Hash: 26817AF3F506254BF3944928CDA83B22683DB95314F2F82788F496B7C9D87E5D0A5388

Function 00B4016D Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb1351a0eee5fa6c7da6c5ebd4f9f44c660a4933e474c31642d2c3dbe444defa
Instruction ID: ec75f32dbabf4113ffd36186aa955e516063eeeb4a5bfb4a9f409af1471098c8
Opcode Fuzzy Hash: bb1351a0eee5fa6c7da6c5ebd4f9f44c660a4933e474c31642d2c3dbe444defa
Instruction Fuzzy Hash: ED816BB3E211258BF3544A78CD983627692EB95320F2F42788F587B7C5D93E6D0993C4

Function 00B532CF Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da22ed440ad1963de23bf62bbb11a4e3b45e79a9c44e372e8cca04b163838a9
Instruction ID: 251449a635209b488445dacc21e6163f698234a1d328ea93d897f14ca7ed4d2a
Opcode Fuzzy Hash: 8da22ed440ad1963de23bf62bbb11a4e3b45e79a9c44e372e8cca04b163838a9
Instruction Fuzzy Hash: 6B8189B3E1062547F3544978CC98362A693ABD4320F2F82398F5CBBBC5D97E9D0A52C4

Function 00C2F090 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f95336a3202f48881645f03a8089449ed7ab71fcc410194bdd6a480e2eca6c4
Instruction ID: 4afd558f960b8584c27307170a2820eda15012ca34a867252fdeb5d5fe21906f
Opcode Fuzzy Hash: 4f95336a3202f48881645f03a8089449ed7ab71fcc410194bdd6a480e2eca6c4
Instruction Fuzzy Hash: 1C8187F3F5062447F7484938DCA83A26683EB95314F2F827C8F896B7C9D97E5D095288

Function 00BCE247 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 121bf1f35f24fb68462b7993fa4b1ee18c4a6d7e8a3b1920ec09f8bbfcb55ded
Instruction ID: c0e8ae49270aa1d158395e2191adca133d5122d9ca8750ee082d3f6910567c48
Opcode Fuzzy Hash: 121bf1f35f24fb68462b7993fa4b1ee18c4a6d7e8a3b1920ec09f8bbfcb55ded
Instruction Fuzzy Hash: AA817CB3F1121547F3484D28CCA83627683EBD5315F2E827C8A995B7C9DD7E9D0A5384

Function 00B0C5A0 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9d7a5788db26a36b295f9a4234be6581fc8dd6c3d9bde2b5ae42493f0acf6017
Instruction ID: ff12b799c75189f70aab05bd10d9d42d03fd3cf019ad198aa319b42fbdce23ea
Opcode Fuzzy Hash: 9d7a5788db26a36b295f9a4234be6581fc8dd6c3d9bde2b5ae42493f0acf6017
Instruction Fuzzy Hash: AC512775A093054BD728AF28D84062FBFD2EBD5710F19CAACE485973D1EB31AC418B85

Function 00C2C090 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca788c67e82cf9341c5ed75d0a6d1abda4346b4b0c706f4d74b4f091c6163dc2
Instruction ID: c0ed3459c511c83de0b7d1fec50cde8e879f2a27b3455c75ebbf684c70b6de06
Opcode Fuzzy Hash: ca788c67e82cf9341c5ed75d0a6d1abda4346b4b0c706f4d74b4f091c6163dc2
Instruction Fuzzy Hash: C2818FF3F216254BF3844938CD993627282EBA5314F2F82398F59AB7C5D93E9C094384

Function 00BFD0DF Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa07110ecd889f9a586da367481d6a883bf31f9701742302cae5bc6591d058d
Instruction ID: 7568062d37cc90b5d8b48da09b678cdbdcda1ec56948112220643b461198cf66
Opcode Fuzzy Hash: 5fa07110ecd889f9a586da367481d6a883bf31f9701742302cae5bc6591d058d
Instruction Fuzzy Hash: 408164B3F116254BF3504928DCA836276839BD5324F2F82788F5C6B7C5E97E6D0A9284

Function 00BF70C3 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ba9d48fb79b3df1d8026b65413c232c1e6ccddf0b01826e3520981aeacff6a
Instruction ID: 5896c2547b20c229f778f0cc798fd625bc4cf2758eadf871f84d10806645389e
Opcode Fuzzy Hash: 92ba9d48fb79b3df1d8026b65413c232c1e6ccddf0b01826e3520981aeacff6a
Instruction Fuzzy Hash: 84816FB3F102254BF3548D69CC98362B692EB94314F2F81788F88AB7C5D97E6D495388

Function 00C0235E Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a90d32ae2883f3d58fc4b5be27e2f9ec328a3a44692275f0f4266db062d65f88
Instruction ID: 603c9261095987b6bb6bb8aae17c8d3faeb5c05118dd790163bded6a37272bf4
Opcode Fuzzy Hash: a90d32ae2883f3d58fc4b5be27e2f9ec328a3a44692275f0f4266db062d65f88
Instruction Fuzzy Hash: 36819CB3F1122447F3584929DC983623693DB99310F2F827D8F58AB7C5D97E6C0A5388

Function 00BFE3FF Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6057c5abc2e88442f1c19182f865a21902984c830b93859de2bc261c3242b370
Instruction ID: becd32e85c813af9456a651fc77993fd125a11d65f2a8a71faa166d55457d97c
Opcode Fuzzy Hash: 6057c5abc2e88442f1c19182f865a21902984c830b93859de2bc261c3242b370
Instruction Fuzzy Hash: D3819AF7F112254BF3444969CC943A27293DBE5325F2F81B88E886B7C5E97E5C0A5384

Function 00BA24BD Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b2616f5a00deedd2bb572da3d94398b75c6a5a69e7e21be75b28452061bfbe9
Instruction ID: c32c390ec6837a996c0039f13d83638c3e5172aa19eabdc70353793e615d00b1
Opcode Fuzzy Hash: 1b2616f5a00deedd2bb572da3d94398b75c6a5a69e7e21be75b28452061bfbe9
Instruction Fuzzy Hash: 4E815AB3E112264BF3544D28CC983A1B653EBD5324F3F41788E486B7C4DA3E6D199784

Function 00BDE466 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da140f4aa1662a750c71a145421eae1d07044e1a75b06ec2184475394bb227c
Instruction ID: b513937a40302e86339f31a3ca4c58f981a5ab6bf310b9fb58b128a91a62fe13
Opcode Fuzzy Hash: 1da140f4aa1662a750c71a145421eae1d07044e1a75b06ec2184475394bb227c
Instruction Fuzzy Hash: 87817AB3F101254BF3544929DCA83A27683EBD5324F2F42788B9C6B7C5E97E5D0A9384

Function 00C2D1D0 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a625ea66e63d945d44f46115fd4d14f8fea55a4a8dac3f49b40e829dc2c53d13
Instruction ID: 2ba6eb9b07199c39c44cfbac5d07bf082f8f23ba9f097640c909911a68a018d1
Opcode Fuzzy Hash: a625ea66e63d945d44f46115fd4d14f8fea55a4a8dac3f49b40e829dc2c53d13
Instruction Fuzzy Hash: 24719CB3E2112547F3984D39CDA83666693DBD0320F2F83388E696BBC9DC7E5D495284

Function 00B6F134 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6f923d2a802ccddb6925bafc25a4f85bd941552a40e68e3fef69a658b2d93ce
Instruction ID: 7aa1fddf62464f820429afdbce3fe35babc80d89d674a77d146d49e4bce03238
Opcode Fuzzy Hash: b6f923d2a802ccddb6925bafc25a4f85bd941552a40e68e3fef69a658b2d93ce
Instruction Fuzzy Hash: 908177F3E112254BF3944839CDA83A26682DB94320F2F82398F5D6B7C5DD7E5D0A5384

Function 00B6E45C Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a7353f7e24f6b46b0ca838e9e5e5cb3c2a75f4199d96d03a2fdf06d1ec6f8cb
Instruction ID: 40feadc2c6726aa335e95f6159fe79596b850035438f200fd15f8aade36101a7
Opcode Fuzzy Hash: 4a7353f7e24f6b46b0ca838e9e5e5cb3c2a75f4199d96d03a2fdf06d1ec6f8cb
Instruction Fuzzy Hash: 6C8189F7F126254BF3508D29CC483526283ABD4325F3F82788A5C6B7C9D97E5D0A5384

Function 00BDC0B5 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d51d5960caf0a96f5360cc9215dce1a1ff556ce6f01cf097c88ed996f318bcef
Instruction ID: 1a1afb8b5f3f1a78dbb8268b52133b40e09119903e3a24a6c0acf6c9aa295853
Opcode Fuzzy Hash: d51d5960caf0a96f5360cc9215dce1a1ff556ce6f01cf097c88ed996f318bcef
Instruction Fuzzy Hash: AA718CB3F110354BF3604A68CC183A1B692DBA5325F2F42798E5CBB7C5E97E6C1992C4

Function 00C2E10E Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45fca5768f7705659745008d0e7f250716c6212f1eef6402dbe6af3829ec95dd
Instruction ID: f97ae905b327d8158940c3380df890425afb3a4667945cff94eb5d4eb2fe48bb
Opcode Fuzzy Hash: 45fca5768f7705659745008d0e7f250716c6212f1eef6402dbe6af3829ec95dd
Instruction Fuzzy Hash: 54814AB3F102254BF3444E39CDA83627692DB85710F2B427D8F895B7C4D97E6D099288

Function 00B4A193 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5227f1220c1c7793444205de6e34721bf1f1453798327308ddbc050291bc4630
Instruction ID: de79f40e03972fb61f9fa2774623f3ccc05cd84525780a7efaaa581a40ff677c
Opcode Fuzzy Hash: 5227f1220c1c7793444205de6e34721bf1f1453798327308ddbc050291bc4630
Instruction Fuzzy Hash: 8C7169F7F115254BF3540A28CCA83A23693DBD5324F2F42B88B586B7C5D97E5D0A9388

Function 00C2048A Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26c267d8faf97988168ae0d604911ec9a56a9f639ed04529e8e8aa094d53a508
Instruction ID: d6845351b5ea6e5773f193cbdf946c9894856307a587396097ddd1a4442f7051
Opcode Fuzzy Hash: 26c267d8faf97988168ae0d604911ec9a56a9f639ed04529e8e8aa094d53a508
Instruction Fuzzy Hash: A2718AB3E112254BF3440D68DC983A27693EB95320F2F42788F486B7C5D97EAD4993C4

Function 00B85123 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96f00dd0f12d9d1ca1199d25118a7fb7e6e92ea1a8e40bb19ca6c992f99d3528
Instruction ID: f11c6e7a20e9923cc37ecba061c39edb612dd6523c66bfd57143032008436785
Opcode Fuzzy Hash: 96f00dd0f12d9d1ca1199d25118a7fb7e6e92ea1a8e40bb19ca6c992f99d3528
Instruction Fuzzy Hash: F5717BB3F116254BF3444929CD983622683EBD5320F2F82788E4D6B7C5DD7EAD0A5384

Function 00B98264 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40065988e1662538078cafc7c2dc56581834db9dc0b67cc9178b60b2de54a5eb
Instruction ID: 9b6fac7f73a9597c575e159482b84a3373a9116732b79bbcd56cdb176b9c3d94
Opcode Fuzzy Hash: 40065988e1662538078cafc7c2dc56581834db9dc0b67cc9178b60b2de54a5eb
Instruction Fuzzy Hash: 99718AF3E1122547F3544939CD5836266839BE4321F3F82788E9C677C9DD7E9D0A5288

Function 00BA215E Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 424ef3ce0cf2f547825148af3ddad6561e75b47dae5b28595e3f7931c206e7e2
Instruction ID: a34dabb79760e19be13abcef151bc6dbef9b9d3ba31b70fbd3965f74b8fd85c2
Opcode Fuzzy Hash: 424ef3ce0cf2f547825148af3ddad6561e75b47dae5b28595e3f7931c206e7e2
Instruction Fuzzy Hash: 307146B3F111244BF3984E68CCA83B27293EB95324F2F417D8A496B7D1D97EAD095384

Function 00B5A098 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53de91b2a977629064be626a38ea06a6ec591ca7e889ba3de165ad64c9190acb
Instruction ID: f223856f028007196c3273d188ae031ffe2ff2113d6f6b5ef912a32be0b419ad
Opcode Fuzzy Hash: 53de91b2a977629064be626a38ea06a6ec591ca7e889ba3de165ad64c9190acb
Instruction Fuzzy Hash: 8F718DB3F2161547F3444928CD583A27693EBD9320F3F82788A589B7C9D97EAD0A5384

Function 00BA505A Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6e7c5bea8f75d8e67fa862ebd53f8cc485dc8c907c6b5c8d06071cdfef7e0e7
Instruction ID: 8d94cd8c13bb9d627d23851c6a9dff3556ec8b111516077a2929ea0f1eef9ca8
Opcode Fuzzy Hash: c6e7c5bea8f75d8e67fa862ebd53f8cc485dc8c907c6b5c8d06071cdfef7e0e7
Instruction Fuzzy Hash: 527199B7F1062547F3984D29CCA83627683EB94310F2F817D8B4AAB7C5DD7E5C0A5284

Function 00B86182 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06210aeba87ef783ed90d7bd9df57b491afca875e2a920c1ea7de164f9a07e6c
Instruction ID: 1408ac77ad61e729f1ed51df3ba9e6a6729a0b4074ba4aea355622b1e587d17b
Opcode Fuzzy Hash: 06210aeba87ef783ed90d7bd9df57b491afca875e2a920c1ea7de164f9a07e6c
Instruction Fuzzy Hash: B4716BB7F1012547F3584E28CCA8362B693DB95714F2F82788F496B7C5E97E6C099388

Function 00B5A3F4 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3194390fc28cf5ac4db547a7939720fd3bb907ec57b1d0742115052f533b0274
Instruction ID: 4a5a83542c1cc57bf522e7e1e4940836e7e0e1c57304926989cbf7722f812171
Opcode Fuzzy Hash: 3194390fc28cf5ac4db547a7939720fd3bb907ec57b1d0742115052f533b0274
Instruction Fuzzy Hash: C7718AF3F1212547F3540929CC58362A693ABD4324F2F82798F5D6B7C9ED7E5C0A9288

Function 00B451F0 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4990b671ff3564e4e6ee07b52d9e2c15f6b44f694e38bd2a7422216f725397cb
Instruction ID: 97fdff08be7187520fe1afcda165b1bc79ca35cf89ce13f44b5aa67d0f6b82fd
Opcode Fuzzy Hash: 4990b671ff3564e4e6ee07b52d9e2c15f6b44f694e38bd2a7422216f725397cb
Instruction Fuzzy Hash: 8B7169F3E116264BF3544978CD983A16683EBD4324F3F82388E5C67BC9D97E9D0A5284

Function 00BDC423 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3af5a54b5ac5e5deb9f2e1dcf211bf5cf6ab7bc78d2049ab1d637d3caf2805
Instruction ID: 40d6d6ab82068db094bddb7a8bf7d62e62aa217d870b01378d0365a2d6e642ed
Opcode Fuzzy Hash: 6c3af5a54b5ac5e5deb9f2e1dcf211bf5cf6ab7bc78d2049ab1d637d3caf2805
Instruction Fuzzy Hash: 0A7167B7F012254BF3484929DD68362A283DBD4324F2F82798B5D6B7C9DD7E6C0A5284

Function 00BCC2E7 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69d5a27d17dc4c212c833a38944789431792d3d3d3636786a4eaca0f9f9cd88
Instruction ID: dafdaed46e62aa97112732e8a83c7f12501ec30135cca9f10472a9f4fa12db5b
Opcode Fuzzy Hash: d69d5a27d17dc4c212c833a38944789431792d3d3d3636786a4eaca0f9f9cd88
Instruction Fuzzy Hash: 587178B7E1152547F3544928CC98362A2939BA4325F2F81798F0D7BBC5E93E6D0652C8

Function 00BF0329 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 548054b06c463de45bcc41b42d6192410722146fbeac1c8b659e3ef41f0f4afb
Instruction ID: f845df5d712faf31f9ea9aab225abd56c671112337310b7455ec4de491d3a2d9
Opcode Fuzzy Hash: 548054b06c463de45bcc41b42d6192410722146fbeac1c8b659e3ef41f0f4afb
Instruction Fuzzy Hash: 517147F7E105254BF3544D28CC583A26292EBA4324F2F467C8F89BB7C5E97F6C495288

Function 00B381CB Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bf3de3373e9030b567a21859d2741b7b348a8db7da4cba62b8bc387474446b5
Instruction ID: 70e9a8a85fe07cb65e97fa705dd6bfcc5ae975bcfd81041216bc05b35c291ca8
Opcode Fuzzy Hash: 9bf3de3373e9030b567a21859d2741b7b348a8db7da4cba62b8bc387474446b5
Instruction Fuzzy Hash: 2071BFF3F1062547F3544929DC983627683DB95714F2F82788B8CABBC5D93E9C0A5388

Function 00B743D6 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23b0c6bac01436584af276914c59e96b5c5764e667a4ad51c4e65927d65b3b1
Instruction ID: 30a3ff0fcb9bc0e4ed7a7df799bdf91a233f7497ca9e72d2406e49a162c7e062
Opcode Fuzzy Hash: a23b0c6bac01436584af276914c59e96b5c5764e667a4ad51c4e65927d65b3b1
Instruction Fuzzy Hash: AE719BF3E2063547F3544928DC983617682ABA8321F2F82788E8DA77C6E97E5C0953C4

Function 00C043E7 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d5f7974446f5cbfe1e3359fd0a6d16760b7b81ea081f4d2ee303ecc79a74f1
Instruction ID: 828ad43b1dc04babb8f8371e64da2724e058a5836bc0ab44798b38db8a8a5aca
Opcode Fuzzy Hash: d0d5f7974446f5cbfe1e3359fd0a6d16760b7b81ea081f4d2ee303ecc79a74f1
Instruction Fuzzy Hash: EB71CFF3F1022547F3444E68DC983627293DB95325F2F82788E58AB7C5D93EAD0A9384

Function 00BF3294 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ddd1a68a85fab0280f46830ab4b1f070bd72bb71093f747d9a706ef39e4c94e
Instruction ID: 4917957cd4e506d88d24f7beb214122b1c507507281edf61499afb7f8c34e5d8
Opcode Fuzzy Hash: 3ddd1a68a85fab0280f46830ab4b1f070bd72bb71093f747d9a706ef39e4c94e
Instruction Fuzzy Hash: 387178B3E2152547F3548D28CC683B27283EB94314F2F817C8B596B7C5D97E6D0A5388

Function 00BAC03E Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142bcc68daf1de768c9c5ab9adf1841f4b3496c2af78d1a6b103369a3877f1cc
Instruction ID: 868affdcb6ebbae287641d42426a7205e4955397e3c3e6a5748a40c4d608d822
Opcode Fuzzy Hash: 142bcc68daf1de768c9c5ab9adf1841f4b3496c2af78d1a6b103369a3877f1cc
Instruction Fuzzy Hash: 19617EF3F5152507F3504978CC483A26683E795314F2F82788F4CABBC6D83E9D095284

Function 00B75186 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b36ff742c3c627dcabfed32d42baf29d3fa3c19fd2a9a6cb857c1aec05586ca
Instruction ID: 442ac6ab1c13f64155586f6ad7b41a01d19efa255ead09f8d2fd43fa2175e13c
Opcode Fuzzy Hash: 6b36ff742c3c627dcabfed32d42baf29d3fa3c19fd2a9a6cb857c1aec05586ca
Instruction Fuzzy Hash: 996198B3F1122547F3544D38CC983A2B6839B84325F2F82798F5D6BBC8D97E5D0A5288

Function 00BAE285 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e706139728e923b3494b035a84702ef3f69a2e9eeba541c66abad76bd91c8a
Instruction ID: 1f03529e72e1e267a28f7eb187d8eb9ff94b1e0df0a8438531d22bac51fd9807
Opcode Fuzzy Hash: e7e706139728e923b3494b035a84702ef3f69a2e9eeba541c66abad76bd91c8a
Instruction Fuzzy Hash: 9E717FB7E101254BF3144E28CC683A27392EB95324F2F417C8E896B7C5DA7F5D459784

Function 00BD5223 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d114c1c7e2cffed6bbba9ada08e0affc28ceaccabb8ee67ddf626420b088e70
Instruction ID: 831fcfd00d7f834b4132a9e7b7e31ff2ce1356ab8e207a452de59567f7227bac
Opcode Fuzzy Hash: 2d114c1c7e2cffed6bbba9ada08e0affc28ceaccabb8ee67ddf626420b088e70
Instruction Fuzzy Hash: 1D714AB3F112254BF3904D78CC993A27293EB95324F2F42788E496B7C5D93EAD096784

Function 00B94277 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1449f42f34966b5099387b76a3eed55aab29b7278aff555bfd594fa5a307e5b2
Instruction ID: a72032541d4a72dd702b518588fd6c26b491b9835c39bfbed781375d11d84a0e
Opcode Fuzzy Hash: 1449f42f34966b5099387b76a3eed55aab29b7278aff555bfd594fa5a307e5b2
Instruction Fuzzy Hash: 686177B3F215254BF3544928CC583626683ABA5320F2F82788E9C6BBCAD93E5D0953C0

Function 00B3316F Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e035ba0f0776f96a4e56cfda70d189e7a625334fba5b0e7af61ef67a63d1a146
Instruction ID: 853537b8adeb824582bea1104102cec26fef0f23afafc75b891973eea319b067
Opcode Fuzzy Hash: e035ba0f0776f96a4e56cfda70d189e7a625334fba5b0e7af61ef67a63d1a146
Instruction Fuzzy Hash: 4B6138F3E1122547F3540A29CC583A2B292EB94324F2F41798F896B7C5E97F6D4A5384

Function 00C2423A Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874381a1fd4e240ef34a77310fb3df146ef5b00fec64769ebbc13745b9196716
Instruction ID: 8cb00d0e44d12493fa4f4ac1e04c8c32467c2c6132f60a020beb57a546a660e4
Opcode Fuzzy Hash: 874381a1fd4e240ef34a77310fb3df146ef5b00fec64769ebbc13745b9196716
Instruction Fuzzy Hash: 50619BF3F116254BF3584D78DC98362A6829BA4320F2F82798F9CAB7C1E97E5C055284

Function 00C3B05B Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f26d0f7bcba54147d5316d33458453316872963a94b01aa5fe9a1c5a7a0a82e
Instruction ID: 55794befe7367309166153cbf776c2b2a3064aa15e240c7e7a902273e6bf5965
Opcode Fuzzy Hash: 2f26d0f7bcba54147d5316d33458453316872963a94b01aa5fe9a1c5a7a0a82e
Instruction Fuzzy Hash: B46129B3F111244BF3944D29CD583A27693AB94314F2F82798E8D6B7C4D97E6E0A5284

Function 00B4903D Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5170eb19488bc74c5c750aa910a5c59a1f3186cf403baf655e52c2d62209da0c
Instruction ID: d611a8f2327d5d70d5b7a9c874b46706cb136db44d233c5544dc23cb48c4355d
Opcode Fuzzy Hash: 5170eb19488bc74c5c750aa910a5c59a1f3186cf403baf655e52c2d62209da0c
Instruction Fuzzy Hash: 61616DF7F4122547F3184A24DCA93717292EB95314F2F41798F4A2B3C6EA7E6D05A388

Function 00BC44B7 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f49f3fe52d6adf54605c4f29a5614c20d82682a3a12ee8a0793a1a0829168cf7
Instruction ID: 0ce5f945ce80ea8d8a5bded6002ac56c4f41c41ceee1234ca0e5a6cbe5540159
Opcode Fuzzy Hash: f49f3fe52d6adf54605c4f29a5614c20d82682a3a12ee8a0793a1a0829168cf7
Instruction Fuzzy Hash: 35614CB3F111258BF3544E69CCA43A27252EB95310F2F4678CF496B3C4DA3E6C19A788

Function 00BF2258 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9359154e1ff080666f507941518a72914b94573361a1857a3b8c5975a49f73c
Instruction ID: 7d9fa5fafd38fcdc3343a7069b3c0b5b3eac44c97520ace366333a983d279bec
Opcode Fuzzy Hash: e9359154e1ff080666f507941518a72914b94573361a1857a3b8c5975a49f73c
Instruction Fuzzy Hash: DE616AB3F1122547F3540925CCA83A26283EBD5320F2F82798FAC2B7C5D97E5D0A5384

Function 00B28135 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa08fa05546a16a77c87027052b9d155af177f43cf39f53bbe186ecfe9a5ccaa
Instruction ID: c042645aae892a00f071393c6e2c43898b10c529af0567690d042b18f256dc73
Opcode Fuzzy Hash: aa08fa05546a16a77c87027052b9d155af177f43cf39f53bbe186ecfe9a5ccaa
Instruction Fuzzy Hash: E45189F3F1052547F3884968CC293A26693EBE5320F2F82798F4DAB7C5D87E5C4A5284

Function 00B322AC Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f6afa74d84bd6ef98189fec6f16c240cf88fac50ca2e1b0f67c85aa40b86424
Instruction ID: 36fff1c03a74f870babee7f9e9b7d26cdb0c133f65b403755603a57a37685e31
Opcode Fuzzy Hash: 6f6afa74d84bd6ef98189fec6f16c240cf88fac50ca2e1b0f67c85aa40b86424
Instruction Fuzzy Hash: 845198B3F1152447F3884829CC68362A6839BD5324F2F827D8E59AB7D5DC7E9C0A4288

Function 00B991D9 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95afb83df0ebf5dd4662277d738f6b4778477f15cac648c4b90431016b69617c
Instruction ID: a304d61e79953c418d0ae70d1800a642c4f562acf6dfe07502de8ebfd374ec70
Opcode Fuzzy Hash: 95afb83df0ebf5dd4662277d738f6b4778477f15cac648c4b90431016b69617c
Instruction Fuzzy Hash: 4D516BB3F112244BF3448D29CC983627683DBD5324F2E827C8F99AB3D5D87E9D099284

Function 00C27228 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809f44935bc0a0e104b6a8f7e41801fe70a635f38db2bc676dbefc766b2d47e7
Instruction ID: 8a2703015a3f6999f6730f6be96a5ed404ef620e7dab989cf8e192953aebfb4f
Opcode Fuzzy Hash: 809f44935bc0a0e104b6a8f7e41801fe70a635f38db2bc676dbefc766b2d47e7
Instruction Fuzzy Hash: B85138B3E012258BF3508E19CC94362B3A2EB85314F3F4179CA586B3D1EA7E6C569684

Function 00C3908A Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d061def48681808b8d48c247b73a6928618b49bafa3158178c6aea043768bf0a
Instruction ID: 010a724a4f559ba42699286ae72594f36bf0bb1158acd53c7fcd6abd043d4caa
Opcode Fuzzy Hash: d061def48681808b8d48c247b73a6928618b49bafa3158178c6aea043768bf0a
Instruction Fuzzy Hash: 715158B3E111254BF3504E29CC583A27393EB95311F2F817C8E886B7C5D97EAD09A788

Function 00BFE175 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce7faae4b2629afae4cf0da0b3fc22e31d5de91fd2162a13b399486f39416bd6
Instruction ID: 7468693337cf224f159f99f74c8cdf430a817b34f2796e394f60d4ae12d7b21e
Opcode Fuzzy Hash: ce7faae4b2629afae4cf0da0b3fc22e31d5de91fd2162a13b399486f39416bd6
Instruction Fuzzy Hash: 68517CF3F112244BF3544D68CCA43627292EB95324F2F82788B5C6B7C4D97E9D0A5388

Function 00B6739B Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d065bdee6c068c4acdc6bad5172cd8f612b42e0426ebbe4d2d015614f028f2ca
Instruction ID: d832695613d1527f0dd640e35bd33b10fb7c2fc742f7e0fabadfced93cfb08c2
Opcode Fuzzy Hash: d065bdee6c068c4acdc6bad5172cd8f612b42e0426ebbe4d2d015614f028f2ca
Instruction Fuzzy Hash: 14518BF7E2112647F3944939DD983A26583EBE0325F2F82388F98A77C5DD7E9C095284

Function 00B0F18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e60033cdaa957fa07f8319f8fe516fdb901b21b482894ca3740fd5ea01bf089
Instruction ID: 783d433b147a8d1ec8decc1865876669f2ac315abf4a539570f110db0f61795c
Opcode Fuzzy Hash: 6e60033cdaa957fa07f8319f8fe516fdb901b21b482894ca3740fd5ea01bf089
Instruction Fuzzy Hash: 06412A327087524BD728CE3888E127BFFD29BD9310F5D887ED4C2C7696D524E9068781

Function 00C23127 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae80f46839d5e860af1704c55e3ddd695a7e74498753e86c61a4797f9a7c2340
Instruction ID: ca992aeb1fd65a0d26b5efde766f23b231dfa41662edda1836eb5631b18405e7
Opcode Fuzzy Hash: ae80f46839d5e860af1704c55e3ddd695a7e74498753e86c61a4797f9a7c2340
Instruction Fuzzy Hash: AB5125B3F1122587F3500E28DC983927693EB95324F2F41788E486B7C5DABFAD469384

Function 00B601A6 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be508af06c339c845c9f66cfc02157d572fae42fd9dbff92939e047aed184e0
Instruction ID: 5749d9811cb0d82703aadd04b3fa323d392daccd5fe79e1a06cbded26725bc88
Opcode Fuzzy Hash: 3be508af06c339c845c9f66cfc02157d572fae42fd9dbff92939e047aed184e0
Instruction Fuzzy Hash: BA5125B3E5162547F3584924DCA83A26683DBD4324F2F827C8F8E6B7C5D93E5D0A5388

Function 00C344AE Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02e5f5ff834619000924a9a9ff12ddbfed5aa9dd575a687681f5d457474c5bda
Instruction ID: 8ffda0d7a8be4bf1bfca352dea7e2b85cc5725ee8f2028bd838eacb6984c70bf
Opcode Fuzzy Hash: 02e5f5ff834619000924a9a9ff12ddbfed5aa9dd575a687681f5d457474c5bda
Instruction Fuzzy Hash: 12516DB3E1122587F3504E24CC583A2B392EB94324F2F46798E986B3C5D97F6D4957C4

Function 00B5C39B Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 135bde0209fad7672c3a68f2a43e552f6d911941ea0fd32bca0ae89451ff8f08
Instruction ID: 7af1ea46f5e396d484b24d9040a721d99e6da5986982c185b637bed9f15b7d3e
Opcode Fuzzy Hash: 135bde0209fad7672c3a68f2a43e552f6d911941ea0fd32bca0ae89451ff8f08
Instruction Fuzzy Hash: 75415CB3F1122547F3504E28DC983A27753EBD5314F2F81798A886B7C9D97EAC499384

Function 00C4D2B2 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdcc0c2cac94bf4df16d850be591baf33e5d1715a1eb985708ffc98effac30a2
Instruction ID: 1a342e5a17edfb443ab5f15194ba0fc1ea0406f24e42fdf70ceb60fefa4b1a2d
Opcode Fuzzy Hash: bdcc0c2cac94bf4df16d850be591baf33e5d1715a1eb985708ffc98effac30a2
Instruction Fuzzy Hash: 633135B39482086FF7087969DC1976AB3DA9F95330F2A453ED685C7780FD78990286C2

Function 00B02070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee08d9610e34b336eafd6b81fc07548e3db68cf4de37340593b2be6e1023b837
Instruction ID: b087884124b98754cc6d9ea2c4fc0697d86c84215fdb81e113197c29f7cc12bd
Opcode Fuzzy Hash: ee08d9610e34b336eafd6b81fc07548e3db68cf4de37340593b2be6e1023b837
Instruction Fuzzy Hash: 32815AB514E3848BC374DF05A5986DBBBE1BB89308FA089ADC4884B350CFB15489CF96

Function 00BD504D Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e70efd58847e85129da15f37c7c7e3d8025a1d8f0f57891ad9447278208ff5a7
Instruction ID: 6b6fba42da6780569e4b0ff30d63ee2b46cc09f0038b749df6304839740b8416
Opcode Fuzzy Hash: e70efd58847e85129da15f37c7c7e3d8025a1d8f0f57891ad9447278208ff5a7
Instruction Fuzzy Hash: CC4144B3E1022547F3644E69DCA8362B292DB95324F2F42B88F583B7C5D97E2D0593C8

Function 00B410DA Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd848f3aca70ac68825ac262da61610280e605fbb697ddc447979c3c920ed34
Instruction ID: d3a81551d5b23fd8aace0656a021e813c18b2799a526b51b2eb03f436e33aaff
Opcode Fuzzy Hash: acd848f3aca70ac68825ac262da61610280e605fbb697ddc447979c3c920ed34
Instruction Fuzzy Hash: 893190B3F6162047F3884865CC593A2768397D4321F2F81788B6C9B7D6DC7E9C461288

Function 00BCA122 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ccd48230ded9f2e43590e71dc64d088703c1b8872eae6e6c4028858ee2c7e1
Instruction ID: a62d47260f76808b416f4c0d9531d3aff274974fa1a691300a2d3221e43f29c3
Opcode Fuzzy Hash: 24ccd48230ded9f2e43590e71dc64d088703c1b8872eae6e6c4028858ee2c7e1
Instruction Fuzzy Hash: 2A315AF7F116250BF3544879EC9836265839BA4325F2F817A8F8CAB3C5D87E8C064384

Function 00BFC241 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732963cf33d0b51c60ee8078342308150740aa35bc388d381db305623acaa31c
Instruction ID: 861cd5a11e53c21fb32b4011b74747367a6313d5339096bfa7b6a3e48814cbcf
Opcode Fuzzy Hash: 732963cf33d0b51c60ee8078342308150740aa35bc388d381db305623acaa31c
Instruction Fuzzy Hash: 23316FF7F506364BF35408B9EC9436265829BA5324F2F42798E5C6B7C5DCBD4C0A42C4

Function 00B0A440 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction ID: 20be6b19a111ba0a2afe5d999465b070a404eeab228f5fed5e7f11e3af8c2a5e
Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
Instruction Fuzzy Hash: DB31D472A087044BC7199D394C9126FBAD3ABD5334F29CB7EEA778B3C1DA748C415242

Function 00B644E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27f3c8be4400eb44fcf935a84a505eafd5f50bdda4b07da62eb715d24c90dd1a
Instruction ID: 03d1e6c2a6ee891324f062334ea38a15cc51c49f481b2375ef0ba900f249a713
Opcode Fuzzy Hash: 27f3c8be4400eb44fcf935a84a505eafd5f50bdda4b07da62eb715d24c90dd1a
Instruction Fuzzy Hash: BF312CF7F51A1507F3984829DC9936256839BD4319F2F817C8B59A77C6DC7E8C060384

Function 00B45033 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7dac646eeb0acbb462281fb95dd1131b1de0037d90f78368eefe6b617a347b8
Instruction ID: d8e07888d8efb99206e5939f3c36d6bc2c32c02962695cb816a4fb2734ef16ac
Opcode Fuzzy Hash: e7dac646eeb0acbb462281fb95dd1131b1de0037d90f78368eefe6b617a347b8
Instruction Fuzzy Hash: F53134B3F1162547F3644869DD98362A5839BE4324F2F83748EAC6B7C6DC7E9C0A42C4

Function 00C050D6 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862636aafceb39bdfbd097fadfc55fb74190437535caacb485a6a6e3ad527709
Instruction ID: 4bba0af69b44784357ee78b52ba094e5241b9c1f62d181f2376c5669d9e70352
Opcode Fuzzy Hash: 862636aafceb39bdfbd097fadfc55fb74190437535caacb485a6a6e3ad527709
Instruction Fuzzy Hash: 7F3135F7F6152107F7144879CD5836695839BE5324F2F82388F5CABBC9D87E8D0A4284

Function 00C2A430 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 822260a4f533cd455487453ddce1d9f018f4dd27e5bd3939be3d58e02f30326a
Instruction ID: 180ba85f629cc55e28f4e8fcbde0c638cf77642adac21e676dcdd66f717841c4
Opcode Fuzzy Hash: 822260a4f533cd455487453ddce1d9f018f4dd27e5bd3939be3d58e02f30326a
Instruction Fuzzy Hash: 683193B3F116210BF38848B8CDA93A62583DBD5314F2F83798F99AB6C5DCBD5C090284

Function 00B581E9 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78340bb5513b2e6893591c0c9a76ccd689310783a9ccdca4dd04ed1f088d8b8e
Instruction ID: f5cab0e7d90e35cf600046db5dc59f1fc54e367410b85136c8e2d464c03d1003
Opcode Fuzzy Hash: 78340bb5513b2e6893591c0c9a76ccd689310783a9ccdca4dd04ed1f088d8b8e
Instruction Fuzzy Hash: 19312AF3F6162107F3584879CD98361558397E4325F2F82388F19A77C9E8BE5D0A0284

Function 00B690CF Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f5cbbe735ba60bbdf7400a7ebf3e43a1a95a99c5f62e685212738a2a1df434c
Instruction ID: becadbe8e871c015c8e40a2636280136c0fbbc3f2ffb86b1b4444eb80fce1a22
Opcode Fuzzy Hash: 6f5cbbe735ba60bbdf7400a7ebf3e43a1a95a99c5f62e685212738a2a1df434c
Instruction Fuzzy Hash: 683127F3F110244BF7844839CD683A6268397D4354F2B82798F5DAB7C9EC7E5C0A5294

Function 00BFF0C2 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff358c1c11896f147ed4aedb338d271c95499e13292bcd784171ebb6810c71f
Instruction ID: 459d6cd609efb5716ff4c49b228f227f6187065a62a37ce56aea2fcfd200a4da
Opcode Fuzzy Hash: 8ff358c1c11896f147ed4aedb338d271c95499e13292bcd784171ebb6810c71f
Instruction Fuzzy Hash: 863137E7F616254BF3844879CD483A215439BD5724F2F82798F5CABBC9D87D8D0A1388

Function 00C3813D Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a38dfb26290bf2022c4a153bd0caf3476f5036fc9fdeaeb3b7d179e224589c8d
Instruction ID: 80480d0ac1e78debaa197b04a2d428b8c352699bc1d72eded3d0d6afbc0ec930
Opcode Fuzzy Hash: a38dfb26290bf2022c4a153bd0caf3476f5036fc9fdeaeb3b7d179e224589c8d
Instruction Fuzzy Hash: A431F7F7F1152407F3584839CDA8362158397D5328F2B8279CB5D6BBC9DC7D5C0A0288

Function 00C04266 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f8649a43888c1175add90d2bf149a2c99821a0e71b5cca59420994b28f8871
Instruction ID: 85974db42abf010df6ac1f15d861b04b43fed5b342f231d52793a8001102b16b
Opcode Fuzzy Hash: e2f8649a43888c1175add90d2bf149a2c99821a0e71b5cca59420994b28f8871
Instruction Fuzzy Hash: 19317AB3F516214BF3588878CCA83A165439BD5320F2F83788B6DAB7C1DC7E5C0A5284

Function 00C21155 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f2dbcdaedd305e1e58b08b990c405bd4903db2366b651f277d4ff02fa21ac3d
Instruction ID: 5f1a4edc1e03597e34118be9f7723a824745bf6f1510656394a3c13687764689
Opcode Fuzzy Hash: 3f2dbcdaedd305e1e58b08b990c405bd4903db2366b651f277d4ff02fa21ac3d
Instruction Fuzzy Hash: 6D3139F3F5062007F3984839CDA93A6258297D4314F2F823A8F5EAB7C1DC7E8D0A1284

Function 00B62035 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2597c7605eef17a2133c4b91f2cf81289c207e3cdbaf69aa1afe04fd72d5c3
Instruction ID: 6abe2621bfeabd11960eed04c8c1702634dc13aced67dc216ff3e52dbbbf22bf
Opcode Fuzzy Hash: ee2597c7605eef17a2133c4b91f2cf81289c207e3cdbaf69aa1afe04fd72d5c3
Instruction Fuzzy Hash: 8E3189F3F5152143F354883ADD4836259839BD5724F2FC2388A9CA7BC9DCBC880B1284

Function 00BA03FA Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a04ab198f34407485fd1b1a1c1c9a0af288dc6386d435de744901b3c95e59acd
Instruction ID: 6d4455360b500bb04b3929e13169e702243be9ca26093e52398e4ebff871103e
Opcode Fuzzy Hash: a04ab198f34407485fd1b1a1c1c9a0af288dc6386d435de744901b3c95e59acd
Instruction Fuzzy Hash: 6831E4F7E6262547F3584839DC98392618397E5324F2F86788F2CAB7C5DC7E8C464288

Function 00BA61F6 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 188e757cdb9e9aa4839f4bc9ba0a95bc6a4318e4003e94f49e65116b7ef28a6a
Instruction ID: d7d23e4af1addac54f869915d83fed1bc64a7d11c4172f423062683aa2f9d232
Opcode Fuzzy Hash: 188e757cdb9e9aa4839f4bc9ba0a95bc6a4318e4003e94f49e65116b7ef28a6a
Instruction Fuzzy Hash: BF316AF3E5063147F3584878C96936265829798324F2F837D8F9EABBC5D87E5C0552C4

Function 00BB81B7 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5ce9f8d324cfa8e25a45a135b63cd9bf6751472107344f9e7ebdb648242364a
Instruction ID: 6bb3503507612c13f4ffa75f0330d2656211660493eec062a9db52505445e4b0
Opcode Fuzzy Hash: f5ce9f8d324cfa8e25a45a135b63cd9bf6751472107344f9e7ebdb648242364a
Instruction Fuzzy Hash: 232143E3F2152207F7588879CD68362658397E0315F2B82798F9DABAC9D87E5C090284

Function 00BEC37A Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c76abd96534497baf5189521d88ccb2b2f0b8f7b1ece831e685bdbabdee28d9
Instruction ID: a17410bc4751c56ea576bf205453971fdf2904252b7ca9eb40c09156039c1268
Opcode Fuzzy Hash: 6c76abd96534497baf5189521d88ccb2b2f0b8f7b1ece831e685bdbabdee28d9
Instruction Fuzzy Hash: 0A312CB7F015244BF3548D35CC983A26543D7C5320F2EC2788E982BBD9DD7E5D0A5284

Function 00BDE30E Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff3de91bcc723c7058f9ae40172aa108857911825c2a51dd81b805bbeede19f4
Instruction ID: 8501391a1c51cada031b39460b7190d4217b7e024526236a02d2713af2fe5e39
Opcode Fuzzy Hash: ff3de91bcc723c7058f9ae40172aa108857911825c2a51dd81b805bbeede19f4
Instruction Fuzzy Hash: D02159B7E1162547F3508D65DC98392B293EBD1321F2F81B88E186BBC9D97E5D0A83C4

Function 00B740C7 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a3e012eb9841ee9863385dc754134086fa86e255e2d7ed7c857e572aee2ec64
Instruction ID: e30763253618a254fa281fa3c5469671831578213d5a34503249e7ead53bc419
Opcode Fuzzy Hash: 9a3e012eb9841ee9863385dc754134086fa86e255e2d7ed7c857e572aee2ec64
Instruction Fuzzy Hash: 0E218EF3F5152647F308887ACC58352668397E4325F2FC1788B18ABBCAD97D9C065384

Function 00C34361 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9df6cef243cc3b07260e3400e142048900e6dd58dbe61a56cb53cfeec65480
Instruction ID: 82520c901d789aef1d13846cbb7313fe179c50abc70a5e1f3f53bafa2fa8a22e
Opcode Fuzzy Hash: 6c9df6cef243cc3b07260e3400e142048900e6dd58dbe61a56cb53cfeec65480
Instruction Fuzzy Hash: C6213BF7F506210BF3584839CD953A6558397D4324F2F82398B5EA7BC9DC7E9D060284

Function 00C243F9 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea1e69e7f4b126c150d777b8f185a66e7ad66409d182fd7fbddb562ec52362b
Instruction ID: f5890a0a3f462da8cc789cfaf20af58cdc7e06e67a84ad14e56eda4de85a04f0
Opcode Fuzzy Hash: bea1e69e7f4b126c150d777b8f185a66e7ad66409d182fd7fbddb562ec52362b
Instruction Fuzzy Hash: AB214AF3E126214BF3948875CD58362A582A7E0324F2F82798F5D776C5EC7E180A4288

Function 00C3038F Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c49a695d1bbfdaead5cf1ef0f0b711e43015cc3f8258e9ba5d744165def4a93
Instruction ID: 50f6515d51019cb3a3e16b2aeb671293e44bd8832e5b39e19e142e38a9fa8eb1
Opcode Fuzzy Hash: 7c49a695d1bbfdaead5cf1ef0f0b711e43015cc3f8258e9ba5d744165def4a93
Instruction Fuzzy Hash: F3215EF7F416214BF3584839CD5836265839BD4724F2F82798B8DABBC9DCBE5D0A4284

Function 00B3917A Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7229407a64f70493bdb60e4d2bfd32995e96d0152a3fd00b040109024fa9c32f
Instruction ID: 3ebc8e7534ed3c40965315b14fcfbd167e9ec2921ca2b4d8aae7a58f734b273f
Opcode Fuzzy Hash: 7229407a64f70493bdb60e4d2bfd32995e96d0152a3fd00b040109024fa9c32f
Instruction Fuzzy Hash: 612136F7F1093007F3988868ED4839261429BA4305F2F82788E5CB77CAE87E5C4852C4

Function 00B863C2 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1820d29bc726676f42e5d000d321523ecfcdba1049f460aacc6d9f302d70a8e5
Instruction ID: 6337d41392df2301f1d9562e5703f7f61b75faa38cb7394d83eff737cfdda6a3
Opcode Fuzzy Hash: 1820d29bc726676f42e5d000d321523ecfcdba1049f460aacc6d9f302d70a8e5
Instruction Fuzzy Hash: 9F2119F7F115224BF39848B8DD9836265439B95310F2F82798F0C6B6C5DC7E5D0952C4

Function 00C322C0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a45b320bb0e5b4c95f7fa5d58be1a1f7a915d5bd8c78a1880e1097a753470771
Instruction ID: 89204857c714c38d2084428847fa3b916ef5cdb6459ab552f78376120bad2f4a
Opcode Fuzzy Hash: a45b320bb0e5b4c95f7fa5d58be1a1f7a915d5bd8c78a1880e1097a753470771
Instruction Fuzzy Hash: 9F115AF3F2012547F7645839DD083A2624397E9320F2F82798F5C6B6C6E8BE9C461284

Function 00B06210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: 6e8dc38e0d163963bf24be48b2cc65ed38c7dcd263281b9eb36404f64b874e7a
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 2611E533A091E40ED3168D3C8440565BFE34AE3734B2983D9F4B89B2D2D6228D8A9364

Function 00AEC300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: 96db73deb3084896bcfa96451b152fa7cead7fe16ae4ee0535986c8cf9278638
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: EDF03160114B924AD7318F3A8524373FFF0AB13228F545A4CC5E35BAD2D366D10A8794

Function 00AFE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: dcc75d93dd99861d488fd93cb49f815c0c849b3b361bc5cc5ff81e83de95d907
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: F9F065104087E28ADB238B7E44606B2AFE19B63120B181BD5D9E19B2D7C3199496C36A

Function 00AFD116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1478378507.0000000000AD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AD0000, based on PE: true

Associated: 00000000.00000002.1478356401.0000000000AD0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478378507.0000000000B15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478427718.0000000000B23000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000B25000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000CB4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000D8F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DBB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DC2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478443691.0000000000DD1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478835299.0000000000DD2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478977819.0000000000F73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1478992802.0000000000F74000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ad0000_HJVzgKyC0y.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db855a6ab677bd699a4a6f78c7a01d745f4b7df4e437a42206f97927e36f1a3d
Instruction ID: 5a100b884febb41e72e69fe82f03452ff71fc2a12f721c1f1bb1f909debb1ebb
Opcode Fuzzy Hash: db855a6ab677bd699a4a6f78c7a01d745f4b7df4e437a42206f97927e36f1a3d
Instruction Fuzzy Hash: 2C012D706442429BD304CF38CDE05B7FBA1FB86364B08C75DD5568B796CA34D442C795

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report HJVzgKyC0y.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
HJVzgKyC0y.exe

Function 00ADB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00AD8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 00B0E110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00B11720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00AD9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Function 00B0E0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 00AD9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 00B0C570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 00B0C55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON