Edit tour

Windows Analysis Report
SQHE4Hsjo6.exe

Overview

General Information

Sample name:	SQHE4Hsjo6.exe renamed because original name is a hash value
Original sample name:	1a626afefe6f365eb064084cb40a98e6.exe
Analysis ID:	1581629
MD5:	1a626afefe6f365eb064084cb40a98e6
SHA1:	a24c9d6bfe37546ed15324d6c27970c8cee09d76
SHA256:	c551ad3bfe36abcc4e7230e48298289b3aead67508a230cdbffa44fd02f869e3
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SQHE4Hsjo6.exe (PID: 2788 cmdline: "C:\Users\user\Desktop\SQHE4Hsjo6.exe" MD5: 1A626AFEFE6F365EB064084CB40A98E6)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["inherineau.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "mindhandru.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:43.547151+0100	2028371	3	Unknown Traffic	192.168.2.6	49707	23.55.153.106	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.497241+0100	2058572	1	Domain Observed Used for C2 Detected	192.168.2.6	56466	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.641687+0100	2058576	1	Domain Observed Used for C2 Detected	192.168.2.6	55929	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.785796+0100	2058578	1	Domain Observed Used for C2 Detected	192.168.2.6	56691	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.205205+0100	2058580	1	Domain Observed Used for C2 Detected	192.168.2.6	63065	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:40.552645+0100	2058582	1	Domain Observed Used for C2 Detected	192.168.2.6	49222	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:40.740745+0100	2058584	1	Domain Observed Used for C2 Detected	192.168.2.6	58049	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:40.914207+0100	2058586	1	Domain Observed Used for C2 Detected	192.168.2.6	58074	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.062821+0100	2058588	1	Domain Observed Used for C2 Detected	192.168.2.6	52334	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:41.348109+0100	2058590	1	Domain Observed Used for C2 Detected	192.168.2.6	61566	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-28T10:06:44.390917+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.6	49707	23.55.153.106	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SQHE4Hsjo6.exe

Avira: detected

Found malware configuration

Source: SQHE4Hsjo6.exe.2788.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["inherineau.buzz", "screwamusresz.buzz", "cashfuzysao.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "prisonyfork.buzz", "rebuildeso.buzz", "mindhandru.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: SQHE4Hsjo6.exe	Virustotal: Detection: 57%			Perma Link
Source: SQHE4Hsjo6.exe	ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SQHE4Hsjo6.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Source: SQHE4Hsjo6.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49707 version: TLS 1.2

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ebx	0_2_00BA8600
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00BE1720
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCC09E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCC0E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCE0DA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov eax, dword ptr [00BE6130h]	0_2_00BB8169
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCC09E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BD6210
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BC83E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BBC300
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00BE0340
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_00BCC465
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCC465
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edi, ecx	0_2_00BCA5B6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BC8528
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00BE06F0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov eax, ebx	0_2_00BBC8A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_00BBC8A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_00BBC8A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_00BBC8A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BC2830
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_00BDC830
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then push esi	0_2_00BAC805
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BCC850
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_00BDC990
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BC89E9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BCAAC0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00BA8A50
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_00BDCA40
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_00BBEB80
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ecx	0_2_00BB8B1B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_00BAAB40
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00BB4CA0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_00BACC7A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00BDCDF0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_00BDCDF0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_00BDCDF0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_00BDCDF0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_00BDEDC1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ecx	0_2_00BC6D2E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00BE0D20
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00BA2EB0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BC2E6D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then jmp edx	0_2_00BC2E6D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00BC2E6D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BB6F52
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov esi, ecx	0_2_00BC90D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BCD116
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BCD17D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_00BCB170
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00BE1160
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_00BA73D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_00BA73D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCD34A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BB747D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_00BB747D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov eax, ebx	0_2_00BC7440
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00BC7440
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_00BBB57D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00BA9780
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then jmp edx	0_2_00BC37D6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then jmp eax	0_2_00BC9739
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00BC7740
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BBD8AC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BBD8AC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ecx	0_2_00BBB8F6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ecx	0_2_00BBB8F6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BBD8D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BBD8D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then jmp edx	0_2_00BC39B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00BC39B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BCB980
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then dec edx	0_2_00BDFA20
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00BC1A10
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then dec edx	0_2_00BDFB10
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCDDFF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then dec edx	0_2_00BDFD70
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edx, ecx	0_2_00BC9E80
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00BCDE07
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then dec edx	0_2_00BDFE00
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00BC5F1B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 4x nop then mov ecx, eax	0_2_00BCBF13

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.6:49222 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.6:58049 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.6:58074 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.6:56691 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.6:63065 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.6:52334 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.6:55929 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.6:61566 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.6:56466 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49707 -> 23.55.153.106:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz
Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz

Source: Joe Sandbox View

IP Address: 23.55.153.106 23.55.153.106

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 23.55.153.106:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: .com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173656213.0000000001660000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity equals www.youtube.com (Youtube)
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=742a0d56e920702416b58bce; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 28 Dec 2024 09:06:44 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlrl.m" equals www.youtube.com (Youtube)
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: mindhandru.buzz
Source: global traffic	DNS traffic detected: DNS query: prisonyfork.buzz
Source: global traffic	DNS traffic detected: DNS query: rebuildeso.buzz
Source: global traffic	DNS traffic detected: DNS query: scentniej.buzz
Source: global traffic	DNS traffic detected: DNS query: inherineau.buzz
Source: global traffic	DNS traffic detected: DNS query: screwamusresz.buzz
Source: global traffic	DNS traffic detected: DNS query: appliacnesot.buzz
Source: global traffic	DNS traffic detected: DNS query: cashfuzysao.buzz
Source: global traffic	DNS traffic detected: DNS query: hummskitnj.buzz
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173656213.000000000160C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: SQHE4Hsjo6.exe, 00000000.00000002.2183706569.00000000015FF000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173656213.00000000015FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173656213.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707

Source: unknown

HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49707 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: SQHE4Hsjo6.exe	Static PE information: section name:
Source: SQHE4Hsjo6.exe	Static PE information: section name: .idata
Source: SQHE4Hsjo6.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA8600	0_2_00BA8600
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAB100	0_2_00BAB100
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCC09E	0_2_00BCC09E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7A0E4	0_2_00C7A0E4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0A0F9	0_2_00C0A0F9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0E082	0_2_00C0E082
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDC080	0_2_00CDC080
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB60E9	0_2_00BB60E9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC209E	0_2_00CC209E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCC0E6	0_2_00BCC0E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1609E	0_2_00C1609E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE4091	0_2_00CE4091
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4	0_2_00C4C0A4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9A0AA	0_2_00C9A0AA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2E0A8	0_2_00C2E0A8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C140AC	0_2_00C140AC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4E0AA	0_2_00C4E0AA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1E0B3	0_2_00C1E0B3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C400B6	0_2_00C400B6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCA0CA	0_2_00BCA0CA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD205F	0_2_00CD205F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCA061	0_2_00CCA061
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C52076	0_2_00C52076
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCE03D	0_2_00CCE03D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF603E	0_2_00CF603E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020	0_2_00D62020
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C781C7	0_2_00C781C7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBE1DF	0_2_00CBE1DF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C461E7	0_2_00C461E7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C381E0	0_2_00C381E0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCA1E4	0_2_00CCA1E4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CEA1E7	0_2_00CEA1E7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D041F9	0_2_00D041F9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C641EC	0_2_00C641EC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCE180	0_2_00BCE180
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C841F5	0_2_00C841F5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD618C	0_2_00CD618C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3E18B	0_2_00C3E18B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6618B	0_2_00C6618B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC81EA	0_2_00BC81EA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB4190	0_2_00CB4190
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA41AE	0_2_00CA41AE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF41A6	0_2_00CF41A6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6A1B4	0_2_00C6A1B4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C08141	0_2_00C08141
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C48145	0_2_00C48145
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA615D	0_2_00CA615D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE8166	0_2_00CE8166
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0416C	0_2_00C0416C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB8169	0_2_00BB8169
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA6160	0_2_00BA6160
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCC09E	0_2_00BCC09E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4412E	0_2_00C4412E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D002DB	0_2_00D002DB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D022C8	0_2_00D022C8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB02E6	0_2_00CB02E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5C2FF	0_2_00C5C2FF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE0295	0_2_00CE0295
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C942AB	0_2_00C942AB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1A2A4	0_2_00C1A2A4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC42D0	0_2_00BC42D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C342B7	0_2_00C342B7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1C2B6	0_2_00C1C2B6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8C2BF	0_2_00C8C2BF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C782BF	0_2_00C782BF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0A241	0_2_00C0A241
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBE220	0_2_00BBE220
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C30258	0_2_00C30258
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6825D	0_2_00C6825D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBA269	0_2_00CBA269
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C50266	0_2_00C50266
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2C27A	0_2_00C2C27A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C58278	0_2_00C58278
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C98277	0_2_00C98277
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC2205	0_2_00CC2205
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA4270	0_2_00BA4270
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D0820D	0_2_00D0820D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD23C0	0_2_00CD23C0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D063C7	0_2_00D063C7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCC3EB	0_2_00CCC3EB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5A3F4	0_2_00C5A3F4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3E380	0_2_00C3E380
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC83E6	0_2_00BC83E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6035C	0_2_00C6035C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC4360	0_2_00CC4360
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF037A	0_2_00CF037A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CEA377	0_2_00CEA377
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4A300	0_2_00C4A300
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCC30A	0_2_00CCC30A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1030B	0_2_00C1030B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFE301	0_2_00CFE301
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA0310	0_2_00CA0310
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9E312	0_2_00C9E312
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE2311	0_2_00CE2311
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CEE338	0_2_00CEE338
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFA4D8	0_2_00CFA4D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C284F7	0_2_00C284F7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8848C	0_2_00C8848C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC24E0	0_2_00BC24E0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA24A0	0_2_00CA24A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C144AF	0_2_00C144AF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C624B4	0_2_00C624B4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC04C6	0_2_00BC04C6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2E4B9	0_2_00C2E4B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9C407	0_2_00C9C407
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C02412	0_2_00C02412
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BE0460	0_2_00BE0460
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C42421	0_2_00C42421
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C76421	0_2_00C76421
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDA42A	0_2_00CDA42A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3A435	0_2_00C3A435
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDA440	0_2_00BDA440
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3043E	0_2_00C3043E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C70438	0_2_00C70438
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C905D8	0_2_00C905D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB45DC	0_2_00CB45DC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C665DF	0_2_00C665DF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C965D3	0_2_00C965D3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDC5A0	0_2_00BDC5A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3C5E5	0_2_00C3C5E5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBE5F9	0_2_00CBE5F9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA8583	0_2_00CA8583
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA65F0	0_2_00BA65F0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C86586	0_2_00C86586
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDA5D4	0_2_00BDA5D4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCC53C	0_2_00BCC53C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C46552	0_2_00C46552
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D08572	0_2_00D08572
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAA566	0_2_00CAA566
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2A578	0_2_00C2A578
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB8508	0_2_00CB8508
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE4517	0_2_00CE4517
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC4560	0_2_00BC4560
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF052F	0_2_00CF052F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0E524	0_2_00C0E524
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA4523	0_2_00CA4523
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE8534	0_2_00CE8534
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC86DA	0_2_00CC86DA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C726EA	0_2_00C726EA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C886FA	0_2_00C886FA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF46F9	0_2_00CF46F9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAE687	0_2_00BAE687
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDA6F2	0_2_00CDA6F2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BE06F0	0_2_00BE06F0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C08698	0_2_00C08698
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C686A0	0_2_00C686A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC46D0	0_2_00BC46D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0A6B9	0_2_00C0A6B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C26640	0_2_00C26640
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C50643	0_2_00C50643
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBE630	0_2_00BBE630
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8A643	0_2_00C8A643
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D0465D	0_2_00D0465D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9C66A	0_2_00C9C66A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5A66D	0_2_00C5A66D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFC664	0_2_00CFC664
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1A670	0_2_00C1A670
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA0677	0_2_00CA0677
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9E60F	0_2_00C9E60F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7A60F	0_2_00C7A60F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBA61A	0_2_00CBA61A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC461D	0_2_00CC461D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD6618	0_2_00CD6618
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C64618	0_2_00C64618
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA662A	0_2_00CA662A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D02637	0_2_00D02637
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE0624	0_2_00CE0624
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BD8650	0_2_00BD8650
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDE620	0_2_00CDE620
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9263C	0_2_00C9263C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7C63F	0_2_00C7C63F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3A7CF	0_2_00C3A7CF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C027D2	0_2_00C027D2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8E7D4	0_2_00C8E7D4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5C7D8	0_2_00C5C7D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C567E5	0_2_00C567E5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA87FB	0_2_00CA87FB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFA7FE	0_2_00CFA7FE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C367F1	0_2_00C367F1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCE7F2	0_2_00CCE7F2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAA78D	0_2_00CAA78D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBC781	0_2_00CBC781
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C447AE	0_2_00C447AE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1676C	0_2_00C1676C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C20772	0_2_00C20772
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0477D	0_2_00C0477D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C10714	0_2_00C10714
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB2750	0_2_00BB2750
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3872F	0_2_00C3872F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6072A	0_2_00C6072A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF2735	0_2_00CF2735
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3E73E	0_2_00C3E73E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BD88B0	0_2_00BD88B0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBC8A0	0_2_00BBC8A0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4E8E7	0_2_00C4E8E7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD48E6	0_2_00CD48E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFE88E	0_2_00CFE88E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD2885	0_2_00CD2885
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA2895	0_2_00CA2895
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D0688F	0_2_00D0688F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C608BD	0_2_00C608BD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3E8BC	0_2_00C3E8BC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4A844	0_2_00C4A844
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE884D	0_2_00CE884D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C48848	0_2_00C48848
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7285C	0_2_00C7285C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB8879	0_2_00CB8879
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9C808	0_2_00C9C808
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC680B	0_2_00CC680B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1E80B	0_2_00C1E80B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8C81D	0_2_00C8C81D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6881D	0_2_00C6881D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE482B	0_2_00CE482B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6C82F	0_2_00C6C82F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C62835	0_2_00C62835
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC083A	0_2_00CC083A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAC840	0_2_00BAC840
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2483D	0_2_00C2483D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFC9CE	0_2_00CFC9CE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0A9CC	0_2_00C0A9CC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C809D5	0_2_00C809D5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF09E4	0_2_00CF09E4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF89FE	0_2_00CF89FE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C349FD	0_2_00C349FD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCC9EB	0_2_00BCC9EB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BE09E0	0_2_00BE09E0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2A9AF	0_2_00C2A9AF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB69A4	0_2_00CB69A4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1A9B4	0_2_00C1A9B4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C549BC	0_2_00C549BC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA69B7	0_2_00CA69B7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C789B8	0_2_00C789B8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3694B	0_2_00C3694B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCE946	0_2_00CCE946
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6A962	0_2_00C6A962
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC6910	0_2_00BC6910
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C96965	0_2_00C96965
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D0096C	0_2_00D0096C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBE960	0_2_00BBE960
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0E927	0_2_00C0E927
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC8ABC	0_2_00BC8ABC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C52AC6	0_2_00C52AC6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAEAC9	0_2_00CAEAC9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C88ACE	0_2_00C88ACE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3AAE2	0_2_00C3AAE2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C58AE8	0_2_00C58AE8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C96AFA	0_2_00C96AFA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C38AFB	0_2_00C38AFB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C10AFF	0_2_00C10AFF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB4A8F	0_2_00CB4A8F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE0A87	0_2_00CE0A87
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C26A97	0_2_00C26A97
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C46A92	0_2_00C46A92
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB2A90	0_2_00CB2A90
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2CAA3	0_2_00C2CAA3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF2AAD	0_2_00CF2AAD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7CAA1	0_2_00C7CAA1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC0AB1	0_2_00CC0AB1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C86A61	0_2_00C86A61
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9AA7F	0_2_00C9AA7F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CECA77	0_2_00CECA77
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB0A30	0_2_00CB0A30
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDCA40	0_2_00BDCA40
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA4BA0	0_2_00BA4BA0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C84BE3	0_2_00C84BE3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8EBFB	0_2_00C8EBFB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBEB80	0_2_00BBEB80
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB0B9E	0_2_00CB0B9E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0CB99	0_2_00C0CB99
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C76B9A	0_2_00C76B9A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF6BAE	0_2_00CF6BAE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C64BA2	0_2_00C64BA2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA8BAF	0_2_00CA8BAF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C94BA2	0_2_00C94BA2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C42BB4	0_2_00C42BB4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D5EB45	0_2_00D5EB45
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF8B26	0_2_00BF8B26
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB8B1B	0_2_00BB8B1B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7EB65	0_2_00C7EB65
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C78B72	0_2_00C78B72
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C32B7F	0_2_00C32B7F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBCB01	0_2_00CBCB01
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9EB2B	0_2_00C9EB2B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC8B2A	0_2_00CC8B2A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD2B2A	0_2_00CD2B2A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB6B33	0_2_00CB6B33
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAAB40	0_2_00BAAB40
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C02CCA	0_2_00C02CCA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2ACD1	0_2_00C2ACD1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB4CA0	0_2_00BB4CA0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C14CE1	0_2_00C14CE1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C06CE6	0_2_00C06CE6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C40CF9	0_2_00C40CF9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C68C86	0_2_00C68C86
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1EC84	0_2_00C1EC84
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C60C9A	0_2_00C60C9A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D68CB4	0_2_00D68CB4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFECAA	0_2_00CFECAA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C70C41	0_2_00C70C41
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDEC44	0_2_00CDEC44
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D06C5B	0_2_00D06C5B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBCC53	0_2_00CBCC53
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CACC57	0_2_00CACC57
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D00C4E	0_2_00D00C4E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB2C7A	0_2_00CB2C7A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C80C7B	0_2_00C80C7B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C66C04	0_2_00C66C04
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C56C02	0_2_00C56C02
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CECC06	0_2_00CECC06
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C20C0E	0_2_00C20C0E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CEEC2E	0_2_00CEEC2E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C88C2E	0_2_00C88C2E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCCC3D	0_2_00CCCC3D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D04C22	0_2_00D04C22
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C04C39	0_2_00C04C39
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA0DCC	0_2_00CA0DCC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6EDD5	0_2_00C6EDD5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9ADDF	0_2_00C9ADDF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4CDDD	0_2_00C4CDDD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C18DDB	0_2_00C18DDB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5ADE1	0_2_00C5ADE1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB4DE1	0_2_00CB4DE1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0EDED	0_2_00C0EDED
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C46DF4	0_2_00C46DF4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE0D8E	0_2_00CE0D8E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D02D95	0_2_00D02D95
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C62D8E	0_2_00C62D8E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDCDF0	0_2_00BDCDF0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDCD83	0_2_00CDCD83
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8AD98	0_2_00C8AD98
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3ED91	0_2_00C3ED91
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBED9F	0_2_00CBED9F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6ADA6	0_2_00C6ADA6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C70DA6	0_2_00C70DA6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C92D4B	0_2_00C92D4B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D08D58	0_2_00D08D58
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C26D4D	0_2_00C26D4D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC6D2E	0_2_00BC6D2E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA6D58	0_2_00CA6D58
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BE0D20	0_2_00BE0D20
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1AD70	0_2_00C1AD70
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C48D7C	0_2_00C48D7C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C98D04	0_2_00C98D04
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCCD5E	0_2_00BCCD5E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCCD4C	0_2_00BCCD4C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA2EB0	0_2_00BA2EB0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBAEB0	0_2_00BBAEB0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C00ECD	0_2_00C00ECD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BD8EA0	0_2_00BD8EA0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C76EE6	0_2_00C76EE6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C56EEE	0_2_00C56EEE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF6E89	0_2_00BF6E89
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C94E8C	0_2_00C94E8C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCEEAC	0_2_00CCEEAC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5CEA9	0_2_00C5CEA9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D06EA7	0_2_00D06EA7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC0EB7	0_2_00CC0EB7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C10EBD	0_2_00C10EBD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C68E55	0_2_00C68E55
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE2E50	0_2_00CE2E50
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFCE6D	0_2_00CFCE6D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF0E61	0_2_00CF0E61
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF4E7B	0_2_00CF4E7B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB8E7D	0_2_00CB8E7D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C90E72	0_2_00C90E72
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC0E6C	0_2_00BC0E6C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C26E12	0_2_00C26E12
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC2E6D	0_2_00BC2E6D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA4E12	0_2_00CA4E12
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCEE63	0_2_00BCEE63
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFAE2D	0_2_00CFAE2D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF8E2B	0_2_00CF8E2B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C24E30	0_2_00C24E30
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BACE45	0_2_00BACE45
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD8FCF	0_2_00CD8FCF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBCFDF	0_2_00CBCFDF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D00FF2	0_2_00D00FF2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6EFEE	0_2_00C6EFEE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7AFEF	0_2_00C7AFEF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CECFF5	0_2_00CECFF5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFEF8B	0_2_00CFEF8B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF8F82	0_2_00CF8F82
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C12F8F	0_2_00C12F8F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD0F9F	0_2_00CD0F9F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAAFB7	0_2_00CAAFB7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC6F59	0_2_00CC6F59
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C38F68	0_2_00C38F68
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB6F65	0_2_00CB6F65
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C58F73	0_2_00C58F73
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC2F70	0_2_00CC2F70
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6CF7B	0_2_00C6CF7B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1AF03	0_2_00C1AF03
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC4F1C	0_2_00CC4F1C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE8F1B	0_2_00CE8F1B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD4F15	0_2_00CD4F15
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C22F22	0_2_00C22F22
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB6F52	0_2_00BB6F52
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C96F37	0_2_00C96F37
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C50F3A	0_2_00C50F3A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA70D9	0_2_00CA70D9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C530D1	0_2_00C530D1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB70DC	0_2_00CB70DC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2B0DC	0_2_00C2B0DC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C030E9	0_2_00C030E9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDB0A1	0_2_00CDB0A1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA50BC	0_2_00CA50BC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D55053	0_2_00D55053
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAD021	0_2_00BAD021
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C33058	0_2_00C33058
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BBD003	0_2_00BBD003
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB3000	0_2_00CB3000
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCD01F	0_2_00CCD01F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C75028	0_2_00C75028
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4D1C5	0_2_00C4D1C5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC91AE	0_2_00BC91AE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C491D7	0_2_00C491D7
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C411D3	0_2_00C411D3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4B1D3	0_2_00C4B1D3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA91D5	0_2_00CA91D5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BDF18B	0_2_00BDF18B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF118C	0_2_00CF118C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1719A	0_2_00C1719A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4F1A9	0_2_00C4F1A9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9F1B9	0_2_00C9F1B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C911BB	0_2_00C911BB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CA31BF	0_2_00CA31BF
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C951B3	0_2_00C951B3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C5B159	0_2_00C5B159
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBF173	0_2_00CBF173
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C79107	0_2_00C79107
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D03110	0_2_00D03110
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C99108	0_2_00C99108
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0510C	0_2_00C0510C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0F11B	0_2_00C0F11B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CEF112	0_2_00CEF112
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6B126	0_2_00C6B126
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE5126	0_2_00CE5126
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C15131	0_2_00C15131
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFB13B	0_2_00CFB13B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C71130	0_2_00C71130
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7313B	0_2_00C7313B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE12CE	0_2_00CE12CE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C832C2	0_2_00C832C2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CC32DD	0_2_00CC32DD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C592D1	0_2_00C592D1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C112D8	0_2_00C112D8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CBD2D5	0_2_00CBD2D5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CB92E8	0_2_00CB92E8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D072F3	0_2_00D072F3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C952E6	0_2_00C952E6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1B2F1	0_2_00C1B2F1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C7D2FB	0_2_00C7D2FB
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BD9280	0_2_00BD9280
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD728D	0_2_00CD728D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C2B287	0_2_00C2B287
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCB28A	0_2_00CCB28A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9B283	0_2_00C9B283
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD3287	0_2_00CD3287
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0B28E	0_2_00C0B28E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C9D298	0_2_00C9D298
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CD529F	0_2_00CD529F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C25295	0_2_00C25295
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF72E5	0_2_00BF72E5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D0928D	0_2_00D0928D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C232BA	0_2_00C232BA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BB1227	0_2_00BB1227
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C69264	0_2_00C69264
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1926B	0_2_00C1926B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D67218	0_2_00D67218
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CE321E	0_2_00CE321E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C0D228	0_2_00C0D228
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C613C1	0_2_00C613C1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C633CE	0_2_00C633CE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C053D0	0_2_00C053D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CF73D4	0_2_00CF73D4
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C213E1	0_2_00C213E1
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D013E0	0_2_00D013E0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C673FC	0_2_00C673FC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C53389	0_2_00C53389
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3D3A3	0_2_00C3D3A3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C8B3AC	0_2_00C8B3AC
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA73D0	0_2_00BA73D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BAF3C0	0_2_00BAF3C0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C073BE	0_2_00C073BE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF7336	0_2_00BF7336
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C6535A	0_2_00C6535A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CCF36A	0_2_00CCF36A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C3B36B	0_2_00C3B36B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BA9310	0_2_00BA9310
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAF360	0_2_00CAF360
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C89364	0_2_00C89364
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFD309	0_2_00CFD309
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCF377	0_2_00BCF377
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CAB32C	0_2_00CAB32C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C51334	0_2_00C51334
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BCD34A	0_2_00BCD34A
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BC1340	0_2_00BC1340
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CDD4C6	0_2_00CDD4C6
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00CFF4C2	0_2_00CFF4C2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C1B4D0	0_2_00C1B4D0

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: String function: 00BB4C90 appears 77 times
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: String function: 00BA7F60 appears 39 times

Source: SQHE4Hsjo6.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: SQHE4Hsjo6.exe	Static PE information: Section: ZLIB complexity 0.9996744791666666
Source: SQHE4Hsjo6.exe	Static PE information: Section: dtrzpnoi ZLIB complexity 0.9948184354863455

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Code function: 0_2_00BD2070 CoCreateInstance,

0_2_00BD2070

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SQHE4Hsjo6.exe	Virustotal: Detection: 57%
Source: SQHE4Hsjo6.exe	ReversingLabs: Detection: 55%

Source: SQHE4Hsjo6.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

File read: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Jump to behavior

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Section loaded: dpapi.dll	Jump to behavior

Source: SQHE4Hsjo6.exe

Static file information: File size 1840640 > 1048576

Source: SQHE4Hsjo6.exe

Static PE information: Raw size of dtrzpnoi is bigger than: 0x100000 < 0x197600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Unpacked PE file: 0.2.SQHE4Hsjo6.exe.ba0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dtrzpnoi:EW;fjtsvaxi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dtrzpnoi:EW;fjtsvaxi:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: SQHE4Hsjo6.exe

Static PE information: real checksum: 0x1cb380 should be: 0x1ca82c

Source: SQHE4Hsjo6.exe	Static PE information: section name:
Source: SQHE4Hsjo6.exe	Static PE information: section name: .idata
Source: SQHE4Hsjo6.exe	Static PE information: section name:
Source: SQHE4Hsjo6.exe	Static PE information: section name: dtrzpnoi
Source: SQHE4Hsjo6.exe	Static PE information: section name: fjtsvaxi
Source: SQHE4Hsjo6.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF932B push 2A5139ECh; mov dword ptr [esp], ebp	0_2_00BFA24E
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BF97AF push 651EBA53h; mov dword ptr [esp], edx	0_2_00BF9856
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4 push edi; mov dword ptr [esp], eax	0_2_00C4C3BA
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4 push 498E5602h; mov dword ptr [esp], edx	0_2_00C4C3C2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4 push 0F5731DFh; mov dword ptr [esp], ebp	0_2_00C4C44C
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4 push edi; mov dword ptr [esp], ebx	0_2_00C4C51D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00C4C0A4 push 4C3AE9A7h; mov dword ptr [esp], ebx	0_2_00C4C628
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BFC0C9 push ebx; mov dword ptr [esp], ecx	0_2_00BFC0D0
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BFC02E push ebx; mov dword ptr [esp], 70CED90Ah	0_2_00BFC046
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BFC02E push edx; mov dword ptr [esp], ebx	0_2_00BFD84D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00BFC018 push ebx; mov dword ptr [esp], edi	0_2_00BFC01F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00DE606F push esi; mov dword ptr [esp], 313F6E79h	0_2_00DE60B8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00DE606F push 5831C1E2h; mov dword ptr [esp], edi	0_2_00DE6102
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00DE606F push 4A0ED23Eh; mov dword ptr [esp], esp	0_2_00DE613F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00DD6015 push esi; mov dword ptr [esp], ebp	0_2_00DD605F
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push 7E0E1753h; mov dword ptr [esp], ebp	0_2_00D62053
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push edx; mov dword ptr [esp], esi	0_2_00D620CE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push ebx; mov dword ptr [esp], edx	0_2_00D620D2
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push 602BC300h; mov dword ptr [esp], edx	0_2_00D620E5
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push 7BD8F18Dh; mov dword ptr [esp], edx	0_2_00D6210B
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push ebp; mov dword ptr [esp], edx	0_2_00D62122
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push ecx; mov dword ptr [esp], edi	0_2_00D62152
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push ebx; mov dword ptr [esp], ebp	0_2_00D62192
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push edi; mov dword ptr [esp], 777B1442h	0_2_00D62196
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push ebx; mov dword ptr [esp], ecx	0_2_00D621AD
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push 369DC5F0h; mov dword ptr [esp], ebp	0_2_00D622A3
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push edi; mov dword ptr [esp], 7FE779F0h	0_2_00D622F8
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push eax; mov dword ptr [esp], ecx	0_2_00D6232D
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push 20042300h; mov dword ptr [esp], eax	0_2_00D62369
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push edx; mov dword ptr [esp], esp	0_2_00D623B9
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Code function: 0_2_00D62020 push eax; mov dword ptr [esp], ebp	0_2_00D62457

Source: SQHE4Hsjo6.exe	Static PE information: section name: entropy: 7.983016168577722
Source: SQHE4Hsjo6.exe	Static PE information: section name: dtrzpnoi entropy: 7.953888646531643

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D6F696 second address: D6F6A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 ja 00007F93A8F20C26h 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D6F83D second address: D6F850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F93A913F996h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F93A913F996h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72C6A second address: D72C83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F93A8F20C32h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72C83 second address: D72C93 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F93A913F996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72C93 second address: D72CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F93A8F20C26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72CA0 second address: D72CB8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F93A913F996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnl 00007F93A913F9A4h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72CB8 second address: D72CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F93A8F20C26h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F93A8F20C32h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72CE1 second address: BF8AA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a mov dx, DAC5h 0x0000000e push dword ptr [ebp+122D1639h] 0x00000014 push edx 0x00000015 mov dx, cx 0x00000018 pop ecx 0x00000019 call dword ptr [ebp+122D284Eh] 0x0000001f pushad 0x00000020 mov dword ptr [ebp+122D2E8Ch], edi 0x00000026 xor eax, eax 0x00000028 ja 00007F93A913F99Ch 0x0000002e or dword ptr [ebp+122D2E8Ch], esi 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 jmp 00007F93A913F9A1h 0x0000003d mov dword ptr [ebp+122D379Eh], eax 0x00000043 mov dword ptr [ebp+122D25F0h], ebx 0x00000049 mov esi, 0000003Ch 0x0000004e sub dword ptr [ebp+122D2E8Ch], ecx 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 pushad 0x00000059 mov edi, 2B242506h 0x0000005e mov edx, 275888BAh 0x00000063 popad 0x00000064 lodsw 0x00000066 or dword ptr [ebp+122D25F0h], esi 0x0000006c add eax, dword ptr [esp+24h] 0x00000070 cmc 0x00000071 mov ebx, dword ptr [esp+24h] 0x00000075 or dword ptr [ebp+122D2E8Ch], edi 0x0000007b cmc 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f jmp 00007F93A913F9A8h 0x00000084 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72D1C second address: D72D6E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov dword ptr [esp], eax 0x0000000e jc 00007F93A8F20C29h 0x00000014 add ch, 0000004Ch 0x00000017 jmp 00007F93A8F20C2Dh 0x0000001c push 00000000h 0x0000001e jmp 00007F93A8F20C2Ah 0x00000023 push A8431418h 0x00000028 pushad 0x00000029 jmp 00007F93A8F20C39h 0x0000002e push edi 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72D6E second address: D72DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 add dword ptr [esp], 57BCEC68h 0x0000000d jmp 00007F93A913F9A8h 0x00000012 push 00000003h 0x00000014 movzx edi, di 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D186Ah], ecx 0x0000001f push 00000003h 0x00000021 xor ecx, dword ptr [ebp+122D3782h] 0x00000027 call 00007F93A913F999h 0x0000002c jmp 00007F93A913F9A4h 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72DCC second address: D72DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72DD0 second address: D72DE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72DE6 second address: D72DEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72DEC second address: D72DF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72DF0 second address: D72E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d jns 00007F93A8F20C28h 0x00000013 pushad 0x00000014 jmp 00007F93A8F20C2Ah 0x00000019 jmp 00007F93A8F20C2Fh 0x0000001e popad 0x0000001f popad 0x00000020 mov eax, dword ptr [eax] 0x00000022 pushad 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72E27 second address: D72E2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72E2F second address: D72E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 pop eax 0x00000014 pop eax 0x00000015 mov si, 40DAh 0x00000019 lea ebx, dword ptr [ebp+1244DBCDh] 0x0000001f call 00007F93A8F20C35h 0x00000024 mov cx, 3D5Ch 0x00000028 pop ecx 0x00000029 xchg eax, ebx 0x0000002a jl 00007F93A8F20C30h 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72F44 second address: D72FF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 7D4300CDh 0x00000010 jg 00007F93A913F99Ch 0x00000016 push 00000003h 0x00000018 mov edi, dword ptr [ebp+122D24E8h] 0x0000001e push 00000000h 0x00000020 mov edi, dword ptr [ebp+122D25C1h] 0x00000026 push 00000003h 0x00000028 jmp 00007F93A913F9A0h 0x0000002d mov ecx, dword ptr [ebp+122D1C82h] 0x00000033 push 746F8AEDh 0x00000038 jmp 00007F93A913F9A8h 0x0000003d add dword ptr [esp], 4B907513h 0x00000044 jmp 00007F93A913F9A5h 0x00000049 lea ebx, dword ptr [ebp+1244DBD6h] 0x0000004f mov cx, A005h 0x00000053 xchg eax, ebx 0x00000054 jmp 00007F93A913F99Ah 0x00000059 push eax 0x0000005a pushad 0x0000005b jns 00007F93A913F99Ch 0x00000061 jc 00007F93A913F996h 0x00000067 push eax 0x00000068 push edx 0x00000069 push edx 0x0000006a pop edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D72FF3 second address: D72FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D73042 second address: D730BB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F93A913F9AAh 0x00000008 jmp 00007F93A913F9A4h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jc 00007F93A913F9A5h 0x00000016 jmp 00007F93A913F99Fh 0x0000001b nop 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007F93A913F998h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 mov edx, 118A665Dh 0x0000003b push 00000000h 0x0000003d mov esi, dword ptr [ebp+122D17F7h] 0x00000043 mov dword ptr [ebp+122D186Ah], edi 0x00000049 push 94A442D9h 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F93A913F99Ah 0x00000055 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D730BB second address: D730C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D92E08 second address: D92E3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007F93A913F9A9h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D92E3A second address: D92E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D92E45 second address: D92E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D66CB0 second address: D66CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F93A8F20C26h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D66CBD second address: D66CC7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F93A913F99Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D66CC7 second address: D66CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F93A8F20C2Eh 0x0000000a push esi 0x0000000b pop esi 0x0000000c jp 00007F93A8F20C26h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jo 00007F93A8F20C49h 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D66CE4 second address: D66CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91123 second address: D9112D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F93A8F20C26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D912A8 second address: D912F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jg 00007F93A913F99Ch 0x0000000d popad 0x0000000e jc 00007F93A913F9DFh 0x00000014 jmp 00007F93A913F9A7h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F93A913F9A9h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D912F6 second address: D912FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D915A5 second address: D915CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jns 00007F93A913F996h 0x0000000c popad 0x0000000d jmp 00007F93A913F9A5h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D915CB second address: D915D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D915D1 second address: D915D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91859 second address: D9186B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A8F20C2Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9186B second address: D91893 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F93A913F996h 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91893 second address: D918C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F93A8F20C32h 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F93A8F20C2Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D918C2 second address: D918C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91A53 second address: D91A6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F93A8F20C2Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91A6B second address: D91A6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91A6F second address: D91A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91A75 second address: D91AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F93A913F9BEh 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D91D57 second address: D91D5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D89C79 second address: D89C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D6A299 second address: D6A29D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9699E second address: D969C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jbe 00007F93A913F996h 0x0000000d jno 00007F93A913F996h 0x00000013 pop ebx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnc 00007F93A913F99Eh 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D969C6 second address: D969CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D969CB second address: D969D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9AA89 second address: D9AA92 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9AC83 second address: D9AC87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9AC87 second address: D9AC91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9AC91 second address: D9ACA3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F93A913F996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9ACA3 second address: D9ACA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9ACA9 second address: D9ACAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9ACAF second address: D9ACB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D6A285 second address: D6A299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F93A913F996h 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnl 00007F93A913F996h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D9FFB6 second address: D9FFBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0166 second address: DA016C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA016C second address: DA0175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0175 second address: DA0179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0179 second address: DA017D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0A92 second address: DA0AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F93A913F996h 0x0000000a popad 0x0000000b js 00007F93A913F998h 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 push eax 0x00000015 push ecx 0x00000016 jmp 00007F93A913F99Fh 0x0000001b pop ecx 0x0000001c xchg eax, ebx 0x0000001d pushad 0x0000001e mov dh, al 0x00000020 jmp 00007F93A913F99Ah 0x00000025 popad 0x00000026 xor dword ptr [ebp+122D30E4h], eax 0x0000002c nop 0x0000002d jmp 00007F93A913F9A1h 0x00000032 push eax 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push ecx 0x00000037 pop ecx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0DBF second address: DA0DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A8F20C35h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F93A8F20C33h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA0FC2 second address: DA0FC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA1042 second address: DA1055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA1F75 second address: DA1F79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA1F79 second address: DA1F83 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA1F83 second address: DA1F88 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA1F88 second address: DA1FB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 add dword ptr [ebp+122D25F7h], ebx 0x0000000e push 00000000h 0x00000010 mov edi, dword ptr [ebp+122D364Ah] 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D1880h], edi 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F93A8F20C2Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA3042 second address: DA3046 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAAFD7 second address: DAAFE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F93A8F20C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DABF7B second address: DABFCC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub dword ptr [ebp+124715CEh], esi 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F93A913F998h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D28BBh], edx 0x00000031 push 00000000h 0x00000033 sbb bh, 00000072h 0x00000036 xchg eax, esi 0x00000037 jmp 00007F93A913F9A1h 0x0000003c push eax 0x0000003d pushad 0x0000003e pushad 0x0000003f push ecx 0x00000040 pop ecx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAB10F second address: DAB119 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DACF29 second address: DACF88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F93A913F9A6h 0x0000000c pop edx 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 xor ebx, dword ptr [ebp+122D25DCh] 0x00000017 push 00000000h 0x00000019 jbe 00007F93A913F996h 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F93A913F998h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b xchg eax, esi 0x0000003c jbe 00007F93A913F99Eh 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAC0E0 second address: DAC182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007F93A8F20C32h 0x0000000a nop 0x0000000b ja 00007F93A8F20C2Ch 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov dword ptr [ebp+122D1B4Ah], ebx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push eax 0x00000028 call 00007F93A8F20C28h 0x0000002d pop eax 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 add dword ptr [esp+04h], 00000016h 0x0000003a inc eax 0x0000003b push eax 0x0000003c ret 0x0000003d pop eax 0x0000003e ret 0x0000003f xor edi, 79112A62h 0x00000045 mov eax, dword ptr [ebp+122D05D5h] 0x0000004b push 00000000h 0x0000004d push esi 0x0000004e call 00007F93A8F20C28h 0x00000053 pop esi 0x00000054 mov dword ptr [esp+04h], esi 0x00000058 add dword ptr [esp+04h], 0000001Ah 0x00000060 inc esi 0x00000061 push esi 0x00000062 ret 0x00000063 pop esi 0x00000064 ret 0x00000065 mov dword ptr [ebp+122D18C4h], edx 0x0000006b push FFFFFFFFh 0x0000006d or dword ptr [ebp+122D2903h], edx 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007F93A8F20C2Dh 0x0000007b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DADE33 second address: DADE5A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F93A913F9A5h 0x0000000b popad 0x0000000c push eax 0x0000000d jc 00007F93A913F9A4h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DADE5A second address: DADE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB24F7 second address: DB24FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB24FB second address: DB24FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB1466 second address: DB146C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB146C second address: DB147A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A8F20C2Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB257F second address: DB2594 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB26B4 second address: DB26B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB26B8 second address: DB2738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e jmp 00007F93A913F9A0h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F93A913F998h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b push eax 0x0000003c pop edi 0x0000003d mov eax, dword ptr [ebp+122D1661h] 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007F93A913F998h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 00000019h 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d push FFFFFFFFh 0x0000005f mov dword ptr [ebp+122D2CD9h], eax 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push edx 0x00000069 push eax 0x0000006a push edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB444B second address: DB4450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB2738 second address: DB273D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB6259 second address: DB625D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB7215 second address: DB7228 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB6438 second address: DB643E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB838F second address: DB8395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB94AE second address: DB94CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F93A8F20C34h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB8395 second address: DB839A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DBA2C7 second address: DBA2CC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DB84D1 second address: DB84EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A913F9A6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DBB2B8 second address: DBB2DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jnl 00007F93A8F20C26h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DBB2DC second address: DBB2E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC469C second address: DC46B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C33h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC3D99 second address: DC3D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC3D9F second address: DC3DAF instructions: 0x00000000 rdtsc 0x00000002 jns 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC3DAF second address: DC3DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC3F16 second address: DC3F20 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F93A8F20C26h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC3F20 second address: DC3F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC40CE second address: DC40D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC40D2 second address: DC40DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC422B second address: DC4240 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC83A5 second address: DC83B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F93A913F996h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC83B2 second address: DC83CC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F93A8F20C2Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC83CC second address: DC841D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e jnc 00007F93A913F99Ch 0x00000014 jmp 00007F93A913F9A3h 0x00000019 popad 0x0000001a mov eax, dword ptr [eax] 0x0000001c jl 00007F93A913F9B4h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F93A913F9A2h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC841D second address: DC8421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DC8421 second address: DC8447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b jg 00007F93A913F99Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F93A913F99Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCF7A6 second address: DCF7AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCFA98 second address: DCFA9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCFA9C second address: DCFAC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jo 00007F93A8F20C26h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F93A8F20C37h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCFC4C second address: DCFC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCFEAB second address: DCFEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DCFEB0 second address: DCFEB5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD6819 second address: DD6830 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F93A8F20C2Bh 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D61B45 second address: D61B61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F93A913F9A4h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD52B3 second address: DD52B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD52B9 second address: DD52C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD52C5 second address: DD52D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007F93A8F20C2Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD52D2 second address: DD52DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD599D second address: DD59AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Ah 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD5F11 second address: DD5F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jc 00007F93A913F996h 0x0000000e jl 00007F93A913F996h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD5F26 second address: DD5F57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F93A8F20C32h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F93A8F20C2Fh 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD5F57 second address: DD5F5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD5F5D second address: DD5F67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F93A8F20C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD5F67 second address: DD5F6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD6215 second address: DD622E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F93A8F20C2Fh 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D8A707 second address: D8A726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A913F99Bh 0x00000009 jmp 00007F93A913F99Fh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DD6650 second address: DD666C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A8F20C38h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D5CB9F second address: D5CBA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D5CBA3 second address: D5CBA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D5CBA7 second address: D5CBB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDDABD second address: DDDAD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F93A8F20C2Dh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jbe 00007F93A8F20C2Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDCACF second address: DDCAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDCEC4 second address: DDCED2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDCED2 second address: DDCEDF instructions: 0x00000000 rdtsc 0x00000002 jng 00007F93A913F996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDC50E second address: DDC51A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007F93A8F20C26h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDC51A second address: DDC520 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDC520 second address: DDC52A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DDD327 second address: DDD32C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D63700 second address: D63704 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D63704 second address: D6370C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D6370C second address: D63712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: D63712 second address: D6372A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F9A4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE512C second address: DE5146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A8F20C2Fh 0x00000009 jc 00007F93A8F20C26h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE5146 second address: DE5154 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A913F99Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9088 second address: D89C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push eax 0x0000000a mov dword ptr [ebp+122D1FEAh], edx 0x00000010 pop edi 0x00000011 call dword ptr [ebp+122D1892h] 0x00000017 pushad 0x00000018 jno 00007F93A8F20C28h 0x0000001e push esi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9486 second address: DA948A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA948A second address: DA94BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F93A8F20C42h 0x00000010 pushad 0x00000011 jmp 00007F93A8F20C34h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA94BB second address: BF8AA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jmp 00007F93A913F9A1h 0x0000000b push dword ptr [ebp+122D1639h] 0x00000011 add dl, FFFFFFEAh 0x00000014 call dword ptr [ebp+122D284Eh] 0x0000001a pushad 0x0000001b mov dword ptr [ebp+122D2E8Ch], edi 0x00000021 xor eax, eax 0x00000023 ja 00007F93A913F99Ch 0x00000029 or dword ptr [ebp+122D2E8Ch], esi 0x0000002f mov edx, dword ptr [esp+28h] 0x00000033 jmp 00007F93A913F9A1h 0x00000038 mov dword ptr [ebp+122D379Eh], eax 0x0000003e mov dword ptr [ebp+122D25F0h], ebx 0x00000044 mov esi, 0000003Ch 0x00000049 sub dword ptr [ebp+122D2E8Ch], ecx 0x0000004f add esi, dword ptr [esp+24h] 0x00000053 pushad 0x00000054 mov edi, 2B242506h 0x00000059 mov edx, 275888BAh 0x0000005e popad 0x0000005f lodsw 0x00000061 or dword ptr [ebp+122D25F0h], esi 0x00000067 add eax, dword ptr [esp+24h] 0x0000006b cmc 0x0000006c mov ebx, dword ptr [esp+24h] 0x00000070 or dword ptr [ebp+122D2E8Ch], edi 0x00000076 cmc 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jmp 00007F93A913F9A8h 0x0000007f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA95AE second address: DA95B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA96CE second address: DA96D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9A00 second address: DA9A0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9A0C second address: DA9A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9F46 second address: DA9F4C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9F4C second address: DA9F52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9F52 second address: DA9F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA9FF4 second address: DAA00B instructions: 0x00000000 rdtsc 0x00000002 je 00007F93A913F99Ch 0x00000008 jng 00007F93A913F996h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAA164 second address: DAA17D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAA17D second address: DAA181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAA181 second address: DAA185 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAA185 second address: DAA18E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DAA2F6 second address: D8A707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jne 00007F93A8F20C3Bh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F93A8F20C28h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D31D5h], ecx 0x0000002e lea eax, dword ptr [ebp+12483E03h] 0x00000034 mov dword ptr [ebp+122DB856h], edi 0x0000003a mov dx, F875h 0x0000003e push eax 0x0000003f jnc 00007F93A8F20C43h 0x00000045 mov dword ptr [esp], eax 0x00000048 adc edx, 0C84681Ch 0x0000004e call dword ptr [ebp+122D2D49h] 0x00000054 jmp 00007F93A8F20C2Fh 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE5C4A second address: DE5C71 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 ja 00007F93A913F996h 0x00000009 pop ecx 0x0000000a jng 00007F93A913F998h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ecx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F93A913F99Dh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE8E3E second address: DE8E5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A8F20C38h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE8E5A second address: DE8E88 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F93A913F996h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F93A913F99Ch 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F93A913F9A2h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DE8E88 second address: DE8EA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F93A8F20C2Fh 0x00000008 jnc 00007F93A8F20C26h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEB849 second address: DEB84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEB84F second address: DEB85E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F93A8F20C26h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEB85E second address: DEB862 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEB862 second address: DEB86D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEB9D9 second address: DEB9DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEBB75 second address: DEBBA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F93A8F20C26h 0x0000000a jmp 00007F93A8F20C38h 0x0000000f popad 0x00000010 jp 00007F93A8F20C2Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEDEDD second address: DEDEFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A913F9A9h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEE03E second address: DEE061 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F93A8F20C35h 0x00000008 jmp 00007F93A8F20C2Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jg 00007F93A8F20C26h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEE061 second address: DEE06F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEE06F second address: DEE08A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F93A8F20C34h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DEE08A second address: DEE099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F93A913F996h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF3CAB second address: DF3CC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F93A8F20C35h 0x0000000e jmp 00007F93A8F20C2Dh 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF3CC8 second address: DF3CD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F93A913F99Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF3CD8 second address: DF3CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF2F9D second address: DF2FA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF2FA7 second address: DF2FF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C36h 0x00000007 jbe 00007F93A8F20C26h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F93A8F20C2Eh 0x00000015 jmp 00007F93A8F20C2Dh 0x0000001a popad 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 jnl 00007F93A8F20C26h 0x00000027 popad 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF357E second address: DF358E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F93A913F996h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF358E second address: DF3594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF64D5 second address: DF64E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F93A913F996h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF64E1 second address: DF64EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F93A8F20C26h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF6688 second address: DF668E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DF67D7 second address: DF67DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFB36F second address: DFB39A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F93A913F9A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F93A913F99Ch 0x00000011 pushad 0x00000012 push edi 0x00000013 pop edi 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFB39A second address: DFB39F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFBD7E second address: DFBD91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F93A913F99Ch 0x0000000d jc 00007F93A913F996h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFBD91 second address: DFBD99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFBD99 second address: DFBDA3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DFBDA3 second address: DFBDA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E03506 second address: E03510 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F93A913F996h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E037CA second address: E037D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E037D0 second address: E037EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F93A913F9A9h 0x0000000c jmp 00007F93A913F99Dh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E037EB second address: E037F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jg 00007F93A8F20C26h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E03DAF second address: E03DBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jne 00007F93A913F996h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E03DBF second address: E03DE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F93A8F20C35h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F93A8F20C26h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E043F0 second address: E043F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E043F6 second address: E0440C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F93A8F20C2Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E0440C second address: E04411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E04411 second address: E0441E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnl 00007F93A8F20C26h 0x00000009 pop ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E04958 second address: E04980 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F93A913F9A0h 0x00000008 jmp 00007F93A913F99Ch 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jl 00007F93A913F996h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E04980 second address: E04991 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08EDD second address: E08EE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F93A913F996h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08EE9 second address: E08EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08469 second address: E0846F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E0846F second address: E08475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08475 second address: E08496 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F93A913F996h 0x00000008 jmp 00007F93A913F9A3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08496 second address: E0849A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E085EA second address: E085F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E085F0 second address: E085F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E085F4 second address: E08604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08604 second address: E08635 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F93A8F20C2Ah 0x00000008 push ebx 0x00000009 ja 00007F93A8F20C26h 0x0000000f jmp 00007F93A8F20C35h 0x00000014 pop ebx 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08635 second address: E08639 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08639 second address: E0863F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E0863F second address: E08656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F93A913F99Dh 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E08656 second address: E0865B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E0865B second address: E08661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15333 second address: E1534D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F93A8F20C2Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F93A8F20C26h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E154B8 second address: E154BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E154BF second address: E154D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F93A8F20C33h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15961 second address: E15965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15C27 second address: E15C36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C2Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15C36 second address: E15C41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F93A913F996h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15C41 second address: E15C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E15D68 second address: E15D8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F93A913F9A7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E16021 second address: E16025 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E161C2 second address: E161D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F93A913F9A0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E161D8 second address: E161DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E161DC second address: E161E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E161E2 second address: E161E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E1FF78 second address: E1FF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E2CF5A second address: E2CF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E2CF5E second address: E2CF62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E2CF62 second address: E2CF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop esi 0x0000000c jmp 00007F93A8F20C2Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E326E9 second address: E32700 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F93A913F9A2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E454E2 second address: E454EC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E47A3E second address: E47A42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E47A42 second address: E47A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E47A46 second address: E47A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E47A50 second address: E47A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F93A8F20C26h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E47A5A second address: E47A6F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007F93A913F996h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C090 second address: E4C0AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C30h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jns 00007F93A8F20C26h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C1D1 second address: E4C1ED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F93A913F9A1h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C4E4 second address: E4C4E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C8CE second address: E4C8E8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F93A913F998h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F93A913F99Ch 0x00000012 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C8E8 second address: E4C8ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C8ED second address: E4C902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F93A913F996h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F93A913F996h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4C902 second address: E4C906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4FEC8 second address: E4FEE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A913F99Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F93A913F9D9h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4FEE5 second address: E4FEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E4FEEB second address: E4FEEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E60FED second address: E60FF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E60FF1 second address: E61004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jno 00007F93A913F996h 0x0000000d pop edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E6CF95 second address: E6CFC6 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F93A8F20C2Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F93A8F20C4Eh 0x00000010 pushad 0x00000011 jmp 00007F93A8F20C38h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E8225A second address: E82262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E823E7 second address: E823F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F93A8F20C2Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E823F8 second address: E82414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F93A913F9A1h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82534 second address: E8253C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E8253C second address: E82552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F93A913F9A1h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82552 second address: E82557 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82E2E second address: E82E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82E32 second address: E82E6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F93A8F20C39h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F93A8F20C28h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F93A8F20C2Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82E6B second address: E82E6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82E6F second address: E82E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E82E75 second address: E82E94 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F93A913F9AAh 0x00000008 jmp 00007F93A913F9A4h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E8311A second address: E8311E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E85C5A second address: E85C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E85C5E second address: E85C8A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F93A8F20C39h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E85C8A second address: E85C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E85C8F second address: E85C94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E8613B second address: E8613F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: E8613F second address: E8614E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA2DB9 second address: DA2DC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	RDTSC instruction interceptor: First address: DA2DC5 second address: DA2DCF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F93A8F20C26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Special instruction interceptor: First address: BF8AEC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Special instruction interceptor: First address: BF8A4F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Special instruction interceptor: First address: DBF67F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Special instruction interceptor: First address: E20832 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Code function: 0_2_00BF8A91 rdtsc

0_2_00BF8A91

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe TID: 2988

Thread sleep time: -90000s >= -30000s

Jump to behavior

Source: SQHE4Hsjo6.exe, SQHE4Hsjo6.exe, 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173656213.000000000162D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183803133.000000000162D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn+E
Source: SQHE4Hsjo6.exe, 00000000.00000003.2173656213.000000000162D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183803133.000000000162D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SQHE4Hsjo6.exe, 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	File opened: NTICE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	File opened: SICE
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Code function: 0_2_00BF8A91 rdtsc

0_2_00BF8A91

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Code function: 0_2_00BDE110 LdrInitializeThunk,

0_2_00BDE110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: SQHE4Hsjo6.exe	String found in binary or memory: hummskitnj.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: appliacnesot.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: cashfuzysao.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: inherineau.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: screwamusresz.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: rebuildeso.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: scentniej.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: mindhandru.buzz
Source: SQHE4Hsjo6.exe	String found in binary or memory: prisonyfork.buzz

Source: SQHE4Hsjo6.exe, SQHE4Hsjo6.exe, 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: $OProgram Manager

Source: C:\Users\user\Desktop\SQHE4Hsjo6.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SQHE4Hsjo6.exe	58%	Virustotal		Browse
SQHE4Hsjo6.exe	55%	ReversingLabs	Win32.Trojan.Amadey
SQHE4Hsjo6.exe	100%	Avira	TR/Crypt.XPACK.Gen
SQHE4Hsjo6.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.55.153.106	true	false	high
cashfuzysao.buzz	unknown	unknown	false	high
scentniej.buzz	unknown	unknown	false	high
inherineau.buzz	unknown	unknown	false	high
prisonyfork.buzz	unknown	unknown	false	high
rebuildeso.buzz	unknown	unknown	false	high
appliacnesot.buzz	unknown	unknown	false	high
hummskitnj.buzz	unknown	unknown	false	high
mindhandru.buzz	unknown	unknown	false	high
screwamusresz.buzz	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
scentniej.buzz	false	high
hummskitnj.buzz	false	high
mindhandru.buzz	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
rebuildeso.buzz	false	high
appliacnesot.buzz	false	high
screwamusresz.buzz	false	high
cashfuzysao.buzz	false	high
inherineau.buzz	false	high
prisonyfork.buzz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://steamcommunity.com/my/wishlist/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://player.vimeo.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/?subsection=broadcasts	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/en/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/market/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/news/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/subscriber_agreement/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.gstatic.cn/recaptcha/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/subscriber_agreement/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net/recaptcha/;	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.valvesoftware.com/legal.htm	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/discussions/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/stats/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://medal.tv	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://broadcast.st.dl.eccdnx.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/steam_refunds/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173656213.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://s.ytimg.com;	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/workshop/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://login.steampowered.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/legal/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/	SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steam.tv/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/privacy_agreement/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sketchfab.com	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://lv.queniujq.cn	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
http://127.0.0.1:27060	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/privacy_agreement/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/recaptcha/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://checkout.steampowered.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.steampowered.com/	SQHE4Hsjo6.exe, 00000000.00000002.2183866825.0000000001660000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/account/cookiepreferences/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000002.2183598092.00000000015E9000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/mobile	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173656213.000000000160C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/about/	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	SQHE4Hsjo6.exe, 00000000.00000003.2173621851.0000000001676000.00000004.00000020.00020000.00000000.sdmp, SQHE4Hsjo6.exe, 00000000.00000003.2173621851.000000000166D000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.55.153.106	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581629
Start date and time:	2024-12-28 10:05:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SQHE4Hsjo6.exe renamed because original name is a hash value
Original Sample Name:	1a626afefe6f365eb064084cb40a98e6.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63
Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:06:39	API Interceptor	5x Sleep call for process: SQHE4Hsjo6.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.55.153.106	GHXsFkoroU.exe	Get hash	malicious	LummaC	Browse
	5Z19n7XRT1.exe	Get hash	malicious	LummaC	Browse
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse
	3LUyRfIoKs.exe	Get hash	malicious	LummaC	Browse
	726odELDs8.exe	Get hash	malicious	LummaC	Browse
	Tqa1vDp9NT.exe	Get hash	malicious	LummaC	Browse
	YrWaRb0IKJ.exe	Get hash	malicious	LummaC	Browse
	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	GHXsFkoroU.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	5Z19n7XRT1.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	3LUyRfIoKs.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Tqa1vDp9NT.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YrWaRb0IKJ.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	GHXsFkoroU.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	5Z19n7XRT1.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	3LUyRfIoKs.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Tqa1vDp9NT.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YrWaRb0IKJ.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	H1iOI9vWfh.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	GHXsFkoroU.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	TNyOrM6mIM.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	5Z19n7XRT1.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	TdloJt4gY3.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	3LUyRfIoKs.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	726odELDs8.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	Tqa1vDp9NT.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	YrWaRb0IKJ.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	2S6U7zz1Jg.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	v5Evrl41VR.exe	Get hash	malicious	LummaC	Browse	23.55.153.106

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947866820873626
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SQHE4Hsjo6.exe
File size:	1'840'640 bytes
MD5:	1a626afefe6f365eb064084cb40a98e6
SHA1:	a24c9d6bfe37546ed15324d6c27970c8cee09d76
SHA256:	c551ad3bfe36abcc4e7230e48298289b3aead67508a230cdbffa44fd02f869e3
SHA512:	4dbcd3e49b6775df9d323133b493f7ae0a4cba0b74bbb70790bd8ac7f54c9913e84a89c5c9fd0f5a1905f8c9a4380130b8c23109eb07fc45035f92cf9312c2b7
SSDEEP:	49152:lWHdb2Zc84OMY1AZg+Q6hd1LVebnENVmR+Jf5LAOfx:lWHdb2Zt4OMYmhuiM+f5LA6
TLSH:	008533FA6C9986B6C3C71A31AB3A2F30176865576D2AD130FE1E442A963FC1F63C015D
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................H...........@...........................I...........@.................................Y@..m..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x88d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F93A8B2F55Ah
pmuludq mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
sub byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x54059	0x6d	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x53000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x541f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x52000	0x26400	442c72db592e2832c74e705b03225871	False	0.9996744791666666	data	7.983016168577722	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x53000	0x1ac	0x200	c4249243ceaeb236e3ce8ce2ab2c9a69	False	0.5390625	data	5.249019796122045	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x54000	0x1000	0x200	39a711a7d804ccbc2a14eea65cf3c27e	False	0.154296875	data	1.0789976601211375	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x55000	0x29f000	0x200	3df3c9c9016670dd42ae28a8471d1819	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dtrzpnoi	0x2f4000	0x198000	0x197600	09b959867541e7e6c5742f4f414aead4	False	0.9948184354863455	data	7.953888646531643	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fjtsvaxi	0x48c000	0x1000	0x400	3363d72444f1660460590c5c5c99469d	False	0.8125	data	6.281016942674075	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x48d000	0x3000	0x2200	360570b58291aa3535bf19dbcf2cde57	False	0.05526194852941176	DOS executable (COM)	0.6671892118660027	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x53058	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-28T10:06:40.552645+0100	2058582	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz)	1	192.168.2.6	49222	1.1.1.1	53	UDP
2024-12-28T10:06:40.740745+0100	2058584	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz)	1	192.168.2.6	58049	1.1.1.1	53	UDP
2024-12-28T10:06:40.914207+0100	2058586	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz)	1	192.168.2.6	58074	1.1.1.1	53	UDP
2024-12-28T10:06:41.062821+0100	2058588	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz)	1	192.168.2.6	52334	1.1.1.1	53	UDP
2024-12-28T10:06:41.205205+0100	2058580	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz)	1	192.168.2.6	63065	1.1.1.1	53	UDP
2024-12-28T10:06:41.348109+0100	2058590	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz)	1	192.168.2.6	61566	1.1.1.1	53	UDP
2024-12-28T10:06:41.497241+0100	2058572	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz)	1	192.168.2.6	56466	1.1.1.1	53	UDP
2024-12-28T10:06:41.641687+0100	2058576	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz)	1	192.168.2.6	55929	1.1.1.1	53	UDP
2024-12-28T10:06:41.785796+0100	2058578	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz)	1	192.168.2.6	56691	1.1.1.1	53	UDP
2024-12-28T10:06:43.547151+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49707	23.55.153.106	443	TCP
2024-12-28T10:06:44.390917+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.6	49707	23.55.153.106	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 10:06:42.076375008 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:42.076427937 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:42.076527119 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:42.093663931 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:42.093682051 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:43.546937943 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:43.547151089 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:43.587536097 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:43.587569952 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:43.587940931 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:43.643815994 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:43.751836061 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:43.799340963 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.390971899 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391010046 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391017914 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391057014 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391073942 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391141891 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.391169071 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.391191006 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.391218901 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.580617905 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.580693960 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.580713034 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.580805063 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.580873966 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.580873966 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.580873966 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.583123922 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.583141088 CET	443	49707	23.55.153.106	192.168.2.6
Dec 28, 2024 10:06:44.583154917 CET	49707	443	192.168.2.6	23.55.153.106
Dec 28, 2024 10:06:44.583165884 CET	443	49707	23.55.153.106	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 28, 2024 10:06:40.552644968 CET	49222	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:40.693030119 CET	53	49222	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:40.740745068 CET	58049	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:40.886388063 CET	53	58049	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:40.914206982 CET	58074	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.055124044 CET	53	58074	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.062820911 CET	52334	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.202794075 CET	53	52334	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.205204964 CET	63065	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.345232010 CET	53	63065	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.348109007 CET	61566	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.488390923 CET	53	61566	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.497241020 CET	56466	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.637797117 CET	53	56466	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.641686916 CET	55929	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.783457994 CET	53	55929	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.785795927 CET	56691	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:41.927206039 CET	53	56691	1.1.1.1	192.168.2.6
Dec 28, 2024 10:06:41.929167032 CET	60616	53	192.168.2.6	1.1.1.1
Dec 28, 2024 10:06:42.069470882 CET	53	60616	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 28, 2024 10:06:40.552644968 CET	192.168.2.6	1.1.1.1	0xff70	Standard query (0)	mindhandru.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:40.740745068 CET	192.168.2.6	1.1.1.1	0xd170	Standard query (0)	prisonyfork.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:40.914206982 CET	192.168.2.6	1.1.1.1	0xc65	Standard query (0)	rebuildeso.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.062820911 CET	192.168.2.6	1.1.1.1	0x2ee3	Standard query (0)	scentniej.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.205204964 CET	192.168.2.6	1.1.1.1	0x2ba	Standard query (0)	inherineau.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.348109007 CET	192.168.2.6	1.1.1.1	0x31f6	Standard query (0)	screwamusresz.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.497241020 CET	192.168.2.6	1.1.1.1	0x6a76	Standard query (0)	appliacnesot.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.641686916 CET	192.168.2.6	1.1.1.1	0xd97	Standard query (0)	cashfuzysao.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.785795927 CET	192.168.2.6	1.1.1.1	0xd544	Standard query (0)	hummskitnj.buzz	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.929167032 CET	192.168.2.6	1.1.1.1	0xeeae	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 28, 2024 10:06:40.693030119 CET	1.1.1.1	192.168.2.6	0xff70	Name error (3)	mindhandru.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:40.886388063 CET	1.1.1.1	192.168.2.6	0xd170	Name error (3)	prisonyfork.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.055124044 CET	1.1.1.1	192.168.2.6	0xc65	Name error (3)	rebuildeso.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.202794075 CET	1.1.1.1	192.168.2.6	0x2ee3	Name error (3)	scentniej.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.345232010 CET	1.1.1.1	192.168.2.6	0x2ba	Name error (3)	inherineau.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.488390923 CET	1.1.1.1	192.168.2.6	0x31f6	Name error (3)	screwamusresz.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.637797117 CET	1.1.1.1	192.168.2.6	0x6a76	Name error (3)	appliacnesot.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.783457994 CET	1.1.1.1	192.168.2.6	0xd97	Name error (3)	cashfuzysao.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:41.927206039 CET	1.1.1.1	192.168.2.6	0xd544	Name error (3)	hummskitnj.buzz	none	none	A (IP address)	IN (0x0001)	false
Dec 28, 2024 10:06:42.069470882 CET	1.1.1.1	192.168.2.6	0xeeae	No error (0)	steamcommunity.com		23.55.153.106	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49707	23.55.153.106	443	2788	C:\Users\user\Desktop\SQHE4Hsjo6.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-28 09:06:43 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-28 09:06:44 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 28 Dec 2024 09:06:44 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=742a0d56e920702416b58bce; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 09:06:44 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 09:06:44 UTC	10097	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>
2024-12-28 09:06:44 UTC	1089	IN	Data Raw: 68 65 69 72 20 72 65 73 70 65 63 74 69 76 65 20 6f 77 6e 65 72 73 20 69 6e 20 74 68 65 20 55 53 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 75 6e 74 72 69 65 73 2e 3c 62 72 2f 3e 53 6f 6d 65 20 67 65 6f 73 70 61 74 69 61 6c 20 64 61 74 61 20 6f 6e 20 74 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 70 72 6f 76 69 64 65 64 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 Data Ascii: heir respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br>

Target ID:	0
Start time:	04:06:37
Start date:	28/12/2024
Path:	C:\Users\user\Desktop\SQHE4Hsjo6.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SQHE4Hsjo6.exe"
Imagebase:	0xba0000
File size:	1'840'640 bytes
MD5 hash:	1A626AFEFE6F365EB064084CB40A98E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	31.9%
Total number of Nodes:	72
Total number of Limit Nodes:	4

Executed Functions

Function 00BAB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b6j4, xrefs: 00BAB57D
S%U', xrefs: 00BAB203
Gu@w, xrefs: 00BAB2CB
Gq\s, xrefs: 00BAB2C1
k=W?, xrefs: 00BAB23F
Ym]o, xrefs: 00BAB2B7
zMzO, xrefs: 00BAB267
9]_, xrefs: 00BAB28F
XyR{, xrefs: 00BAB2D5
(Y6[, xrefs: 00BAB285
yQrS, xrefs: 00BAB271
D!M#, xrefs: 00BAB1F9
pE}G, xrefs: 00BAB253
.AtC, xrefs: 00BAB249
hI2K, xrefs: 00BAB25D

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
API String ID: 0-620192811
Opcode ID: 5f221a745b2eec13395f6560f60ac6fceeee5cd1d4c10712b1ec09ac8a5a7cfd
Instruction ID: 725a992814cf3a0735b625dbf81c81126785ccf82e860c6174bb0e8960c3f144
Opcode Fuzzy Hash: 5f221a745b2eec13395f6560f60ac6fceeee5cd1d4c10712b1ec09ac8a5a7cfd
Instruction Fuzzy Hash: 0D0243B1204B41CFD724CF25D891BABBBF5FB49314F108A2CD5AA8BAA1DB74A445CF50

Function 00BA8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 00BA8A4A

Part of subcall function 00BAB7B0: FreeLibrary.KERNEL32(00BA8A31), ref: 00BAB7B6
Part of subcall function 00BAB7B0: FreeLibrary.KERNEL32 ref: 00BAB7D7

Strings

}, xrefs: 00BA8913
b]u), xrefs: 00BA8877
}, xrefs: 00BA890C

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: FreeLibrary$ExitProcess
String ID: b]u)$}$}
API String ID: 1614911148-2900034282
Opcode ID: ff7560dfd73ea0afdb6734c31820e4249a4a08239918be567e59ac3465322ad3
Instruction ID: 3634105a239434399e1e13c044dc31f569ecce864ce06cc24aeb37fe4232c45e
Opcode Fuzzy Hash: ff7560dfd73ea0afdb6734c31820e4249a4a08239918be567e59ac3465322ad3
Instruction Fuzzy Hash: EFC1E573E187144BC718DF69C84125AF7D6ABC8710F1AC56EA898EB391EA74DC048BC6

Function 00BDE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(00BE148A,?,00000018,?,?,00000018,?,?,?), ref: 00BDE13E

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 00BE1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=<32, xrefs: 00BE176D

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: InitializeThunk
String ID: =<32
API String ID: 2994545307-852023076
Opcode ID: 9ce7436c3b39976dd3e9dbc50bedcc98984815be685a88ab2a49794731b9e285
Instruction ID: 663dca45755a691d291fb0568c718e261d23f509766f8322f76fc27e82e2fa69
Opcode Fuzzy Hash: 9ce7436c3b39976dd3e9dbc50bedcc98984815be685a88ab2a49794731b9e285
Instruction Fuzzy Hash: 953148747043845FE7149A199CD1B3FB7D9EB85750F288A6CF5859B290DB70EC408792

Function 00BA9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000), ref: 00BA9D98
LoadLibraryExW.KERNEL32(?,00000000), ref: 00BA9E78

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 15d2aa5648c17d2ed75732c1bc98237c8366066a41fa634d06021a5fce1679fa
Instruction ID: 2e162c57ca813544aeec722bd030deecd71e102a35ce58955463848ab6f5e896
Opcode Fuzzy Hash: 15d2aa5648c17d2ed75732c1bc98237c8366066a41fa634d06021a5fce1679fa
Instruction Fuzzy Hash: 94412374D003409FE7159F7899D2A9A7FB1EB07324F51829CD5902F3A6C731940ACBE2

Function 00BDE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000), ref: 00BDE0E0

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 00f95b5909102d558fac31e068552ce16a688e17d8b599778f0989c7464885d9
Instruction ID: 09f803cf98799ded421a841567f42279a02b0a9b5b0d95850be5594096aea9c3
Opcode Fuzzy Hash: 00f95b5909102d558fac31e068552ce16a688e17d8b599778f0989c7464885d9
Instruction Fuzzy Hash: EEF0A072818252FBC3102F28BD06A5B7AE4EFC2760F0504B6F4009F260FE34E81AC591

Function 00BA9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00BA9ED2

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 913ccab2f59c1b248608680985a12037daf802f4e55debe5fe105d97b7c3fc37
Instruction ID: 138ec87d60d2001b05b0b5249567a60bd4d6034299c7a89683790b9ea9abc1b0
Opcode Fuzzy Hash: 913ccab2f59c1b248608680985a12037daf802f4e55debe5fe105d97b7c3fc37
Instruction Fuzzy Hash: 83E02B336406429BD700DB30EC87E597356DB15346705C439E216DB171EE72E4109A10

Function 00BDC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000,?,00BDE0F9), ref: 00BDC590

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: b70dd31e4ab19212c83761fe2d482b8a26c40d0771e00450146ee5d23ed16adb
Instruction ID: cf20d66d12d3412233c659dff2763c34aa3addf01ad4cbfed1768731a6c81c54
Opcode Fuzzy Hash: b70dd31e4ab19212c83761fe2d482b8a26c40d0771e00450146ee5d23ed16adb
Instruction Fuzzy Hash: B8D0C931819122FBCA102F28BC15BD77B94DF49620F070892B404AB174DA24EC91DAD0

Function 00BDC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00BDC561

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d22f012438567713daca8cde28b57cfab657d5a8644136c21b0629736862c826
Instruction ID: e32dc0465533138de5bbea173bd2d96ca0b9254c11905301111dcbd54f768408
Opcode Fuzzy Hash: d22f012438567713daca8cde28b57cfab657d5a8644136c21b0629736862c826
Instruction Fuzzy Hash: 7EA00171185110AADA562B24BC09B947A21AB58621F124191E1019A4F68A719892DA84

Function 00BF932B Relevance: 1.3, APIs: 1, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00BFA11E

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cacb36f12453bbc0ea9e970182047ccda8b94c2af6dac00217eaae7561870203
Instruction ID: 8050c19a975cde6d63763280473a958ca048f8965f7c2e1a1254cd8c9e293d95
Opcode Fuzzy Hash: cacb36f12453bbc0ea9e970182047ccda8b94c2af6dac00217eaae7561870203
Instruction Fuzzy Hash: 39F0C87650C1099BE74C6E7898995BD7BE0EB00321F21066DF987D3A40D9298C148B97

Function 00BF97AF Relevance: 1.3, APIs: 1, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 00BF9845

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 64b5e03debb5258c76d73038cdd4ff8bcc50844827e0dd523d4faa98c7254a0b
Instruction ID: 1bc7e6d0ee493ba1fc6b7bc0699b984832c2e1579cad9bcb79eff1a19ea1b080
Opcode Fuzzy Hash: 64b5e03debb5258c76d73038cdd4ff8bcc50844827e0dd523d4faa98c7254a0b
Instruction Fuzzy Hash: 59E0C97440D705DBD7009F26855466EBBE0EF94B10F15C82DEA8847554E3308D64EB47

Non-executed Functions

Function 00BC42D0 Relevance: 39.6, APIs: 2, Strings: 20, Instructions: 1129COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00BC43AA
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00BC443E

Strings

y{, xrefs: 00BC5B36
r:i8, xrefs: 00BC5899
N~4|, xrefs: 00BC593E
|r, xrefs: 00BC53A8
13, xrefs: 00BC5BFC
b`, xrefs: 00BC55F9
+$e, xrefs: 00BC43FA, 00BC442B
tj, xrefs: 00BC53BE
Xs, xrefs: 00BC5CD8
uw, xrefs: 00BC5B57
=:, xrefs: 00BC57CE
<j:h, xrefs: 00BC5975
DD, xrefs: 00BC5CEE
gd, xrefs: 00BC5E60
+$e, xrefs: 00BC4365, 00BC437A
e>n<, xrefs: 00BC588E
%r?p, xrefs: 00BC595F
=?, xrefs: 00BC5BF1
ut, xrefs: 00BC5CE3
n l, xrefs: 00BC596A

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
API String ID: 237503144-1429676654
Opcode ID: 17f27105230bc8befd6ca30901478e92dc309240fc5105dd2b03b5fac7951eea
Instruction ID: c0c3ad5b6e328da7d4a1c745c9301c4fa7cd28e6e79cb7ee2a056092ce808c12
Opcode Fuzzy Hash: 17f27105230bc8befd6ca30901478e92dc309240fc5105dd2b03b5fac7951eea
Instruction Fuzzy Hash: 17C20DB560C3848AD334CF54D452BDFBAF2FB82300F00892DD5E96B255DBB5464A8B9B

Function 00BD9280 Relevance: 18.2, APIs: 2, Strings: 8, Instructions: 661COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 00BD98DF
SysFreeString.OLEAUT32(?), ref: 00BD98E5

Strings

b{tu, xrefs: 00BD92D9, 00BD939B
O^, xrefs: 00BD97A6
gd, xrefs: 00BD968E
t"j, xrefs: 00BD966E
SB, xrefs: 00BD979E
=hn, xrefs: 00BD9676
Jtuj, xrefs: 00BD92E5
:;$%, xrefs: 00BD99C0

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: FreeString
String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
API String ID: 3341692771-1335595022
Opcode ID: ecc9ed2bf52eb58ac2f807d5d7519f181b41d7550db89eda64072b8c06f67b2b
Instruction ID: 4cd61b85c1e55cdcfbfaac63264c89cbffbc359aaff0cc0194292586043073fa
Opcode Fuzzy Hash: ecc9ed2bf52eb58ac2f807d5d7519f181b41d7550db89eda64072b8c06f67b2b
Instruction Fuzzy Hash: 98222376A083419BE310CF24C881B5BFBE2EFC5714F18896DE5949B391E775D845CB82

Function 00BB60E9 Relevance: 17.1, Strings: 13, Instructions: 807COMMON

Download Yara Rule

Strings

3F&D, xrefs: 00BB6273
pt}w, xrefs: 00BB61F2
t~v:, xrefs: 00BB61E7
L4, xrefs: 00BB6780
L4, xrefs: 00BB6BA0
{zdy, xrefs: 00BB611D
ntxE, xrefs: 00BB6112
~mfQ, xrefs: 00BB613E
JyTK, xrefs: 00BB6160
uqrs, xrefs: 00BB6AF0
*,-", xrefs: 00BB66EF
w}MI, xrefs: 00BB6128
qRb`, xrefs: 00BB6133

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
API String ID: 0-2746398225
Opcode ID: ad0014c18a4444e0b7c0f11c3ac559f28ac879e4bce0818150146346b451b944
Instruction ID: 4ff97537716498b34f6afb8a118fd0444615fc307d181615d357188ff32ae5d5
Opcode Fuzzy Hash: ad0014c18a4444e0b7c0f11c3ac559f28ac879e4bce0818150146346b451b944
Instruction Fuzzy Hash: 7E4223726082908FC7248F28D8917ABB7E2FFD6314F1989BCD4DA8B255DB759C05CB42

Function 00BB1227 Relevance: 16.5, APIs: 1, Strings: 8, Instructions: 750COMMON

Download Yara Rule

Strings

`, xrefs: 00BB13A4
>, xrefs: 00BB16FF
), xrefs: 00BB1A4D
[, xrefs: 00BB1555
+, xrefs: 00BB17CB
F, xrefs: 00BB184E
@, xrefs: 00BB17D0
L, xrefs: 00BB1846

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: )$+$>$@$F$L$[$`
API String ID: 0-4163809010
Opcode ID: 08f4300212f9e47843cc0e640c49d74347fdc79223d8293f709142dbad53beff
Instruction ID: ac31c2b61d62115a1ccfb247ed58d96bc3a8a13e7701cc028f16f1ea24b46a08
Opcode Fuzzy Hash: 08f4300212f9e47843cc0e640c49d74347fdc79223d8293f709142dbad53beff
Instruction Fuzzy Hash: DD527F7260C7808FD324DB3CC8953EEBBE1AB96320F598E6DD4D9C7381DA7489458B52

Function 00D67218 Relevance: 12.8, Strings: 9, Instructions: 1591COMMON

Download Yara Rule

Strings

?x7, xrefs: 00D67655
_z^}, xrefs: 00D678A4
{}k, xrefs: 00D672EB
Dlg, xrefs: 00D67DEC
s`&w, xrefs: 00D67629
1VN, xrefs: 00D68305
q#}, xrefs: 00D682F6
=[m=, xrefs: 00D6851D
3;Q~, xrefs: 00D67995

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 1VN$3;Q~$=[m=$?x7$Dlg$_z^}$q#}$s`&w${}k
API String ID: 0-2886723155
Opcode ID: 45c6fec3b69caff9cb205ccd519e48498fb5d18cdf6eaf5741855d1ed8db2285
Instruction ID: a39bd59e3ccaa3d53a260e4772b2a6251689a8cbfca9566272784698bbede59e
Opcode Fuzzy Hash: 45c6fec3b69caff9cb205ccd519e48498fb5d18cdf6eaf5741855d1ed8db2285
Instruction Fuzzy Hash: 65B2F4F360C2049FE304AE29EC8567AFBE9EF94720F16893DE6C4C7744EA3558058796

Function 00BB747D Relevance: 10.0, APIs: 4, Strings: 1, Instructions: 1238COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BB75C5

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 46ba316fb9342c639842459e48e840b188a924f2ff2c758b9669f43c69b29102
Instruction ID: 032a770cef1cd52af1778b7710ffe2f64babdc47a4afce25430dc3469f5e31b7
Opcode Fuzzy Hash: 46ba316fb9342c639842459e48e840b188a924f2ff2c758b9669f43c69b29102
Instruction Fuzzy Hash: BA82367150C3518BC724CF28C8917BBB7E1EFD9354F198AACE8D59B2A5EB748805CB42

Function 00BA9310 Relevance: 9.2, Strings: 7, Instructions: 431COMMON

Download Yara Rule

Strings

PTvu, xrefs: 00BA96F3
;"I, xrefs: 00BA944E
,6.2, xrefs: 00BA9446
A, xrefs: 00BA9698
FM, xrefs: 00BA9370
WAg., xrefs: 00BA943E
cbrn, xrefs: 00BA93EE

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
API String ID: 0-3116088196
Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction ID: f4b4377d541e86276ed7326aa250ece692f7f2d1e47c8a0b40842dfa535fdfea
Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
Instruction Fuzzy Hash: 47C12471A0C3954BD322CF6994A036BBFD1DFE7200F084AACE4D51B382D375890AD792

Function 00BC83E6 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 539COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00BC84BD
RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00BC85B4

Strings

_^]\, xrefs: 00BC8A15
LF7Y, xrefs: 00BC8951

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: LF7Y$_^]\
API String ID: 237503144-3688711800
Opcode ID: 251f3ec8dab02c8e8da41251951b4061271ea10183e9e8a7a0f8e33a5bd9db28
Instruction ID: 3916c8a997693c4b0ff384ee479d473fd49782817325822815ef06e4c53b8696
Opcode Fuzzy Hash: 251f3ec8dab02c8e8da41251951b4061271ea10183e9e8a7a0f8e33a5bd9db28
Instruction Fuzzy Hash: BD12D27190C381CFD7248F28D880B1FBBE1FF85310F194AADE9995B2A1DB319945CB92

Function 00BC24E0 Relevance: 6.6, Strings: 5, Instructions: 304COMMON

Download Yara Rule

Strings

=K0E, xrefs: 00BC2544
pCj], xrefs: 00BC2528
;GsA, xrefs: 00BC2520
.[TU, xrefs: 00BC2538
"_,Y, xrefs: 00BC2530

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
API String ID: 0-1171452581
Opcode ID: f03ea55c11ceb2dd64a8262498f0eebb237b01833dbf60df50fb4b35266a9550
Instruction ID: 123747d356d404bdd8f252772662519087eef4b923eb99f8533ef139ddaac85f
Opcode Fuzzy Hash: f03ea55c11ceb2dd64a8262498f0eebb237b01833dbf60df50fb4b35266a9550
Instruction Fuzzy Hash: D19101B16083009BC714DF24C891B67B7F5EF95714F18846CE9898B392E775DD05CB62

Function 00BB8169 Relevance: 6.5, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

gfff, xrefs: 00BB8458
7, xrefs: 00BB8419
SP, xrefs: 00BB8396
^`/4, xrefs: 00BB81E1
2h?n, xrefs: 00BB83A0

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 2h?n$7$SP$^`/4$gfff
API String ID: 0-3257051659
Opcode ID: ecbcbde029cbad1bd71b004841e17ae72938d070155c8a4377e5357ac3c6aa90
Instruction ID: 58286a2bfd510fbb4c53528276d8fb0655a03ce1d30192fdffceeacff7dd7954
Opcode Fuzzy Hash: ecbcbde029cbad1bd71b004841e17ae72938d070155c8a4377e5357ac3c6aa90
Instruction Fuzzy Hash: E2A13772A182504BD324CF28DC917AFB7D6FBD5314F198A7DE885DB391DA789802C782

Function 00BC1340 Relevance: 5.5, Strings: 4, Instructions: 493COMMON

Download Yara Rule

Strings

eb, xrefs: 00BC16F6
9deZ, xrefs: 00BC1818
sp, xrefs: 00BC1528
{s, xrefs: 00BC1520

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 9deZ$eb$sp${s
API String ID: 0-3993331145
Opcode ID: 35209cda05f7d9ec196f2697885a3256f6900ba79217d677acd39fc24642cde3
Instruction ID: f03fecd72780fcad21e2e43d8b298507d7320a6a31be3d8dc11ac4d08ef1cd4c
Opcode Fuzzy Hash: 35209cda05f7d9ec196f2697885a3256f6900ba79217d677acd39fc24642cde3
Instruction Fuzzy Hash: 0ED1E3B12183048BC724DF28C891B6BB7E1FFD2354F089A6DE4969B3A1E778D904C752

Function 00BC91AE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00BC91DA

Strings

wpq, xrefs: 00BC92B7
+Ku, xrefs: 00BC92AF

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$wpq
API String ID: 237503144-1953850642
Opcode ID: 0b460497cae4426e4e211c81007d5bece4f50760c01e15f94f9042ec8704bc6b
Instruction ID: 2f7d1b90a12d4221e893c527ae34b984f2b2c0dfda214786fd44e59a0f55add0
Opcode Fuzzy Hash: 0b460497cae4426e4e211c81007d5bece4f50760c01e15f94f9042ec8704bc6b
Instruction Fuzzy Hash: 5E51CE7221C3518FC324CF69988076FB7E6EBC5310F15892DE4EACB285DB70D50A8B92

Function 00BC90D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00BC9170

Strings

M/(, xrefs: 00BC913D
M/(, xrefs: 00BC919E

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: M/($M/(
API String ID: 237503144-1710806632
Opcode ID: a2c2381a6776a06aa2d1180e4c3c2abb44e517303584718eaf8f1c0018748bac
Instruction ID: 97c3fcc6e8d3eca3bf60b81f96e0c2ee92a23b97842d6a81f1a9332592545440
Opcode Fuzzy Hash: a2c2381a6776a06aa2d1180e4c3c2abb44e517303584718eaf8f1c0018748bac
Instruction Fuzzy Hash: 84212371A5C3515FE714CE349886B9FB7AAEBC2700F01892CE0D1EB1C5D675880B8756

Function 00CD3287 Relevance: 4.2, Strings: 3, Instructions: 472COMMON

Download Yara Rule

Strings

[tO}, xrefs: 00CD38A3
DxoY, xrefs: 00CD37EB
b`uo, xrefs: 00CD390B

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: DxoY$[tO}$b`uo
API String ID: 0-3385117422
Opcode ID: a50010d7df4d2614e7c48ebac7ce73bbddefc35c70913ec3e5fd32b3414e3d1a
Instruction ID: eca8b5a3d262581871c5b0efa2d8c5b7dc07de586b08199d46361882621c7609
Opcode Fuzzy Hash: a50010d7df4d2614e7c48ebac7ce73bbddefc35c70913ec3e5fd32b3414e3d1a
Instruction Fuzzy Hash: 85F1F0F3F142154BF3444E39DC943A2B692EBD4320F2F823D9A889B7C5D97E9D468285

Function 00D62020 Relevance: 4.2, Strings: 2, Instructions: 1661COMMON

Download Yara Rule

Strings

Gir_, xrefs: 00D622B5
yQ.O, xrefs: 00D62BC2

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: Gir_$yQ.O
API String ID: 0-3072183720
Opcode ID: 97d16d3def5e0eab206870d21963558577b2f14e9ee0d8c396c229d89e14be8c
Instruction ID: 5fb4fb60003f3cfa98003b865cd3ae7a024d9bb00a8cb7c473916dd258cb55c9
Opcode Fuzzy Hash: 97d16d3def5e0eab206870d21963558577b2f14e9ee0d8c396c229d89e14be8c
Instruction Fuzzy Hash: E3B25AF3A0C2009FE308AE2DEC8567ABBE9EB94720F16463DE6C5C3744E97558058797

Function 00BCA0CA Relevance: 4.1, Strings: 3, Instructions: 336COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BCA49C, 00BCA188
<\hX, xrefs: 00BCA236
.txt, xrefs: 00BCA371

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: .txt$<\hX$_^]\
API String ID: 0-3117400391
Opcode ID: 1ff45cf0a3802b7e69e129d3729274ce384a76c0f708cb0bbcb6264548491e80
Instruction ID: 226ef0b4c1f965928b3882627d2ae68a0d63652369571d9408358d2c8f3286c3
Opcode Fuzzy Hash: 1ff45cf0a3802b7e69e129d3729274ce384a76c0f708cb0bbcb6264548491e80
Instruction Fuzzy Hash: B2C1F37150C385DFD704DF28DC91A2ABBE6EF85314F188AACF0954B3A2DB359945CB12

Function 00BBD003 Relevance: 3.4, Strings: 2, Instructions: 883COMMON

Download Yara Rule

Strings

[V, xrefs: 00BBD4DD
bh, xrefs: 00BBD4D6

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: [V$bh
API String ID: 0-2174178241
Opcode ID: 42764ce8fc811806b81c4e46455762129a5db05d404a0b86637292cb73d99e19
Instruction ID: 638a7644283037171f97164e5ae4dc0abc5a231f01a66198a97792bc51fa4325
Opcode Fuzzy Hash: 42764ce8fc811806b81c4e46455762129a5db05d404a0b86637292cb73d99e19
Instruction Fuzzy Hash: E83226B1901611CBCB24CF28C8916F7B7F1FFA5310F1882A8D8969B395F779A941CB91

Function 00CCB28A Relevance: 3.1, Strings: 2, Instructions: 554COMMON

Download Yara Rule

Strings

N]ZQ, xrefs: 00CCB950
$^~, xrefs: 00CCB93B

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: $^~$N]ZQ
API String ID: 0-1947330225
Opcode ID: 042e665c8e4422bba5cc950bdb1d08157134c761528482df46389e2c1f965f06
Instruction ID: 78d580ae12919275437a2ff315e3affd7dd4f804d8f804b388553e976791e858
Opcode Fuzzy Hash: 042e665c8e4422bba5cc950bdb1d08157134c761528482df46389e2c1f965f06
Instruction Fuzzy Hash: 6002BAF3F542204BF3444939DD983667683DBD5324F2B86389B98AB7C5E87E9C064285

Function 00C76421 Relevance: 3.0, Strings: 2, Instructions: 517COMMON

Download Yara Rule

Strings

ew>, xrefs: 00C7696F
W.~o, xrefs: 00C76B1A

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: W.~o$ew>
API String ID: 0-340829811
Opcode ID: 4e240cbb23b8ede9704594a60b9f9b980df86a51db254f22fdd746d816b7ef02
Instruction ID: d7f8631c0b8bad4f124183907b3c38ad8276bbc9c0d77ec056e1c2e2aa2652f5
Opcode Fuzzy Hash: 4e240cbb23b8ede9704594a60b9f9b980df86a51db254f22fdd746d816b7ef02
Instruction Fuzzy Hash: 4902D0F3F146244BF3544D79CC98366B692DBA4320F2B823C9F88A77C5E9BE5D058285

Function 00BA4270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

IEND, xrefs: 00BA4661
), xrefs: 00BA42EB

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: )$IEND
API String ID: 0-707183367
Opcode ID: 36f17a32770375fc01e9622c277673dd94a61202715db0d2031acef57b8ca3b9
Instruction ID: d7a9bd94775244cd85cbf4913010bb8d32e2996028655438acabe2fe8469b6f9
Opcode Fuzzy Hash: 36f17a32770375fc01e9622c277673dd94a61202715db0d2031acef57b8ca3b9
Instruction Fuzzy Hash: 74D1AE7190C344AFD720CF18D881B5ABBE4EB96304F14496DF9999B382D7B5E908CB92

Function 00C0F11B Relevance: 2.7, Strings: 2, Instructions: 188COMMON

Download Yara Rule

Strings

.xAq, xrefs: 00C0F128
.xAq, xrefs: 00C0F11B

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: .xAq$.xAq
API String ID: 0-295907548
Opcode ID: 022f671ade69d62527e6aaab2c8fff29173dc7dc978e6192eabaf2c9a3d22112
Instruction ID: f3b482c22d19fa1dee1da98372b905e43ccea84434e5e938e3bee6e7dd9bd98a
Opcode Fuzzy Hash: 022f671ade69d62527e6aaab2c8fff29173dc7dc978e6192eabaf2c9a3d22112
Instruction Fuzzy Hash: 555167F7E511254BF3640929DC683A22683A7A1324F2F82788E9C6B7C4DC7E5D4A93C4

Function 00C073BE Relevance: 1.8, Strings: 1, Instructions: 541COMMON

Download Yara Rule

Strings

70?, xrefs: 00C07ABD

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 70?
API String ID: 0-2928622523
Opcode ID: ba03ea43be5b889aa4191f38ee2550331c82d062e4bf5d3e33544c324f1a0a02
Instruction ID: 9b85bfe0a00e3598919fe42b8adedad1f05c5dbfa1382837617697aee2b67969
Opcode Fuzzy Hash: ba03ea43be5b889aa4191f38ee2550331c82d062e4bf5d3e33544c324f1a0a02
Instruction Fuzzy Hash: 6B02DEB3F142204BF3144A39DD98366B692EBD4320F2F823DDE89A77C5D97E5C068285

Function 00C6A1B4 Relevance: 1.8, Strings: 1, Instructions: 529COMMON

Download Yara Rule

Strings

s, xrefs: 00C6A2DE

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: s
API String ID: 0-453955339
Opcode ID: 55c91731bc7512b449f95dac7600b7b368717c707c83be39a6451bdabfcbb1f2
Instruction ID: 12bae47a2dc4ce91ab44e38b389742e4dc591c05c077d7117ed001deda1facd8
Opcode Fuzzy Hash: 55c91731bc7512b449f95dac7600b7b368717c707c83be39a6451bdabfcbb1f2
Instruction Fuzzy Hash: 3302F2F3F142148BF3044E29DC99366B692EBD4320F2F863D9A88A77C9D97E9C054385

Function 00C98277 Relevance: 1.8, Strings: 1, Instructions: 513COMMON

Download Yara Rule

Strings

z^_k, xrefs: 00C98944

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: z^_k
API String ID: 0-2762433813
Opcode ID: 7d338ab1afd60b42b2e38b11082e0605efc649fbc85fcc60168e049b83b7529f
Instruction ID: 728a466aee646dfeb950496904189f1692165d49191ff5437589fb034ed73c1c
Opcode Fuzzy Hash: 7d338ab1afd60b42b2e38b11082e0605efc649fbc85fcc60168e049b83b7529f
Instruction Fuzzy Hash: 19F1BCB3F542204BF3544D78DD983A6B682DBD5320F2F82389E98AB7C4E97E5D064385

Function 00BCD17D Relevance: 1.7, APIs: 1, Instructions: 152COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(1A11171A), ref: 00BCD2A4

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: f8690f3f7fbd392c3b7dab1f32aae6d11be1f9560bc1c72b648a83ebb1ff934b
Instruction ID: 5aca45f308fbcef01b81a7fc672175e0ea539f7c396cf8d8795687e3e25abd85
Opcode Fuzzy Hash: f8690f3f7fbd392c3b7dab1f32aae6d11be1f9560bc1c72b648a83ebb1ff934b
Instruction Fuzzy Hash: AC41A0746043829BE3158F34C9A0F62BBE1EF57314F28869CE5AA4F393D625E8468B51

Function 00BCD34A Relevance: 1.6, Strings: 1, Instructions: 398COMMON

Download Yara Rule

Strings

><+, xrefs: 00BCD353

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: ><+
API String ID: 0-2918635699
Opcode ID: 79df48040e7863203ef2b39a013c39bc7864fbffdc234aa0be16fbc30455197f
Instruction ID: b6710e9f339901f2b37b1f37b3ec911817cde169245a09ddad7f414ed0747d82
Opcode Fuzzy Hash: 79df48040e7863203ef2b39a013c39bc7864fbffdc234aa0be16fbc30455197f
Instruction Fuzzy Hash: B8C1C3756047818FD725CF2AC490762FBE2FF9A310B2985ADC4DA8B752D735E806CB50

Function 00BCB170 Relevance: 1.6, Strings: 1, Instructions: 396COMMON

Download Yara Rule

Strings

", xrefs: 00BCB458

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction ID: 3ff55798377eda24b514c3788caff3b85b797f7fa1f87588f7693421d6a488f0
Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
Instruction Fuzzy Hash: D9C125B2A083455FD7258E24C4A2F6FB7D9AF94310F1889ADE8958B382E734DD4487D2

Function 00CF41A6 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

4, xrefs: 00CF427B

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 266fb48fab81bb12cbfcb6a2e92a42202ad954e57ff8c63967f199b1ea2fc25c
Instruction ID: 76fece4b01006663db279c50c2b626807b39075e870a352920875a4fe12b2ba7
Opcode Fuzzy Hash: 266fb48fab81bb12cbfcb6a2e92a42202ad954e57ff8c63967f199b1ea2fc25c
Instruction Fuzzy Hash: E9B19EB3F111254BF3544938CD683A26683DBD5324F2F82788F496BBC9D87E6D4A5384

Function 00C2B287 Relevance: 1.5, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

sf, xrefs: 00C2B513

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: sf
API String ID: 0-3446364831
Opcode ID: 8ceeb112beb4a0c6336ed4d935c48bed1fe3c424a58413d8a5b010699865a6b3
Instruction ID: 6a7eb5a15b1fe154d652263c80d1306ec1629084a7d7dadc0ac4f919420e82d2
Opcode Fuzzy Hash: 8ceeb112beb4a0c6336ed4d935c48bed1fe3c424a58413d8a5b010699865a6b3
Instruction Fuzzy Hash: 0FA1D0B3F106254BF3144969CCA43A1B283DBE5320F2F82388E9CAB7D5E97E6D055384

Function 00C6618B Relevance: 1.5, Strings: 1, Instructions: 270COMMON

Download Yara Rule

Strings

`, xrefs: 00C66286

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: e0713d08a0d19f68163abb322b4d825a4796f4701569912c3175b9645193e5dc
Instruction ID: 7cfc4564c2ae885fcdea9b39f92700aed0fc879a01bafda771345d6d8457d801
Opcode Fuzzy Hash: e0713d08a0d19f68163abb322b4d825a4796f4701569912c3175b9645193e5dc
Instruction Fuzzy Hash: 8391ADB3F116244BF3484925CC683A26683EBD5324F2F82788B5D6B7C9D8BE5D4A53C4

Function 00C1E0B3 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

\, xrefs: 00C1E1A9

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: \
API String ID: 0-2967466578
Opcode ID: 9164afecf67485ff475edf7fc3105c2920232ab55cb7812c8021eabb309de468
Instruction ID: fbd70259e7707037b2527c0b40deb5eb49a286130fb464606b070938e59d1531
Opcode Fuzzy Hash: 9164afecf67485ff475edf7fc3105c2920232ab55cb7812c8021eabb309de468
Instruction Fuzzy Hash: D291ACB7E102258BF3204E68DC98361B693AB95320F2F42789E9C7B3C5D97E6D4593C4

Function 00BC7440 Relevance: 1.5, Strings: 1, Instructions: 264COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BC7465

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: InitializeThunk
String ID: _^]\
API String ID: 2994545307-3116432788
Opcode ID: 3cf2b3d098589daf791fddf2bc5a9d9fab9ccbae3b7b82cc8322e3607672d2c4
Instruction ID: e1b0c678f88f7b0d5ab100612b455dec4ec71e1b0c8c4120f59e015bdae89ba8
Opcode Fuzzy Hash: 3cf2b3d098589daf791fddf2bc5a9d9fab9ccbae3b7b82cc8322e3607672d2c4
Instruction Fuzzy Hash: C27129B1A8C3005BD7189B28DCD2F3B76E5DF92318F1884BCE48697392EA75DC058B52

Function 00C942AB Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

T, xrefs: 00C94351

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: T
API String ID: 0-3187964512
Opcode ID: 90ea56f744a43b7bd850ed66a1f2b470da1494032605498843a9ba1cb3972058
Instruction ID: 130d6bae65edbaf90f0a16269fe7270639aafdf38f8af4c4344be9f5fd53d123
Opcode Fuzzy Hash: 90ea56f744a43b7bd850ed66a1f2b470da1494032605498843a9ba1cb3972058
Instruction Fuzzy Hash: EB91B1B3F212254BF3444938CCA83A27683DBD6310F2F82788A589B7D5DD7E9E095384

Function 00C2E0A8 Relevance: 1.5, Strings: 1, Instructions: 258COMMON

Download Yara Rule

Strings

W, xrefs: 00C2E21B

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 3226f7b7e5aa07bda2890d360c5d2f35df78801352491d1f5e308c40dce10f05
Instruction ID: 588ea9236293291cbebb2be1a74feb4ba35dfaca428e1da0be6927d3d494bfb9
Opcode Fuzzy Hash: 3226f7b7e5aa07bda2890d360c5d2f35df78801352491d1f5e308c40dce10f05
Instruction Fuzzy Hash: 7B91AFF3F2252147F3544928DC583A26283ABD5324F3F82788E9CAB7C5D97E9D4A5384

Function 00C284F7 Relevance: 1.5, Strings: 1, Instructions: 256COMMON

Download Yara Rule

Strings

0, xrefs: 00C285B7

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 10fce8303dba3fad5b845c1a9a65f5447525ae7262478ac50b5b53c2b06a500f
Instruction ID: 2afbe98a83f28bf1b8af7039ef3d98864ba2814c320572488bc6a5a9149e5258
Opcode Fuzzy Hash: 10fce8303dba3fad5b845c1a9a65f5447525ae7262478ac50b5b53c2b06a500f
Instruction Fuzzy Hash: C791ACB3F121244BF3444D29CC583A276839BD5320F3F82798A5C9BBC5ED7E6D0A5284

Function 00BC81EA Relevance: 1.5, Strings: 1, Instructions: 249COMMON

Download Yara Rule

Strings

r, xrefs: 00BC831A

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 5e6865560696ac09d63389c438b89cf87bf58bbee6db4ee31e011dc4e170e666
Instruction ID: 23ba0104ac3ca5ba3c87429896a6d15a4a5df203afe7de1245f1b9474dde76fd
Opcode Fuzzy Hash: 5e6865560696ac09d63389c438b89cf87bf58bbee6db4ee31e011dc4e170e666
Instruction Fuzzy Hash: 6481F3B454C341DFD7209F28D855B2BBBF0FF81314F1448ACE1958B2A2DB799909CB96

Function 00C6B126 Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

q, xrefs: 00C6B348

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: d8c6bc35f9edac166ec2dab188f5b4245ffe560ebe8477f88e77f1aef79f2403
Instruction ID: cd59603abe7fbd175761f90c39db86368b9ee91178aa7b079728f00e745ab859
Opcode Fuzzy Hash: d8c6bc35f9edac166ec2dab188f5b4245ffe560ebe8477f88e77f1aef79f2403
Instruction Fuzzy Hash: 82818BB7F516214BF3544D24CC983617683EBE5320F2F82788E986BBC9D97E6D0A5384

Function 00BAD021 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

_^]\, xrefs: 00BAD455

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: _^]\
API String ID: 0-3116432788
Opcode ID: 8488d027642db5d68360763cc5aee7d35b5436fba1de3b863dd252494047a00e
Instruction ID: c8f88580eb2717294d3fc54cb1fba71b24fc68cfbc689349744d12c50cf013dc
Opcode Fuzzy Hash: 8488d027642db5d68360763cc5aee7d35b5436fba1de3b863dd252494047a00e
Instruction Fuzzy Hash: D15106703092008FCB348F14D8D0A36BBE2EB5B71475988ACD5979BA62C671FC46CB55

Function 00BCC0E6 Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

N&, xrefs: 00BCC173

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 8605583faf8426634eccbeca81402d884398c3ccd55d0282056a69b447866377
Instruction ID: b13afeeadb6f0e536cce96fb22779563b8b6b9d2ecf4f01dff166e13f72727f6
Opcode Fuzzy Hash: 8605583faf8426634eccbeca81402d884398c3ccd55d0282056a69b447866377
Instruction Fuzzy Hash: 2751D721614B804AD729CB3A88517B7BFD3EBD7314B5C969DC4DBDB686CA3CA4068710

Function 00BCC09E Relevance: 1.5, Strings: 1, Instructions: 217COMMON

Download Yara Rule

Strings

N&, xrefs: 00BCC173

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: N&
API String ID: 0-3274356042
Opcode ID: 5a4964ec4dcde3c77ebbd88733f2447083e4e09ee9a42bd7839a0577ee6afdee
Instruction ID: 46bbe297c5643b7d7cbbf0b278e74a46c5796be90e40051d38170e1a5de85f58
Opcode Fuzzy Hash: 5a4964ec4dcde3c77ebbd88733f2447083e4e09ee9a42bd7839a0577ee6afdee
Instruction Fuzzy Hash: C451EA25614B804AD72ACB3A8851773BFD3AFA7310F5C96DDC4DBDBA86CA3C94068711

Function 00BAF3C0 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,, xrefs: 00BAF3E0

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 831332c7e75f5ba57b6600925718778e6169be25925222a37239770929920e2d
Instruction ID: ab7085f13cd8e8fc289ce3fcbb1af7e01e3f9d5d6ae1361155f202f4b401a59a
Opcode Fuzzy Hash: 831332c7e75f5ba57b6600925718778e6169be25925222a37239770929920e2d
Instruction Fuzzy Hash: 1E61F83260C7918BC7109B7988912EFBBD19B9A324F294B7DD9E5D73D2E6388901C742

Function 00C144AF Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

U, xrefs: 00C14597

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: c426f7ab828e0b8b6c286fb011d420287cd935a8e4a0f8fdee5acb975ce4f975
Instruction ID: a4da37577dc4efedd8b95f24f4cd2d6ed61446f316d818ec89ecee0887412d63
Opcode Fuzzy Hash: c426f7ab828e0b8b6c286fb011d420287cd935a8e4a0f8fdee5acb975ce4f975
Instruction Fuzzy Hash: 69518AB3F116214BF3544969CC583A26683ABD5320F2F82788F9C6B7C5D8BE9C4A53C4

Function 00BE1160 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

@, xrefs: 00BE123B

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 45aa587c3508b8e32a5d1dea2a0e21ed25687f7dc96fbd794d27d8a3c12520e3
Instruction ID: 075e143dadfa608df249d6d33041e6aa6dc9b2a62935c9f7f73e8343fb646e7f
Opcode Fuzzy Hash: 45aa587c3508b8e32a5d1dea2a0e21ed25687f7dc96fbd794d27d8a3c12520e3
Instruction Fuzzy Hash: D24121B1A083409BD724CF18CC96B7BBBE1FF95314F188A5CE6855B2A0E3359904C782

Function 00BCC465 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

AB@|, xrefs: 00BCD9F4

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: AB@|
API String ID: 0-3627600888
Opcode ID: 0b7dd3766d1384206f601310034d6c487cd83e1b079a4519f286fc076bea29c1
Instruction ID: cdf14105d7c28517118f051162e06f21931a7a7d63e44050f65c11ce111c372b
Opcode Fuzzy Hash: 0b7dd3766d1384206f601310034d6c487cd83e1b079a4519f286fc076bea29c1
Instruction Fuzzy Hash: 1D41E2751046928FD7228F39C850B72BBE2FB97310B1896ECC0D69B796D734E845CB50

Function 00CAF360 Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

{TS, xrefs: 00CAF47D

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: {TS
API String ID: 0-3733038910
Opcode ID: dbd9f76616192b9f430eae103b1bf5ba8d56da52a7575d8cd19d532e19357e6d
Instruction ID: 9c6b812294f3e21100bb06a7fc3aaee1d12ddc08e792af5864b265bb191569b0
Opcode Fuzzy Hash: dbd9f76616192b9f430eae103b1bf5ba8d56da52a7575d8cd19d532e19357e6d
Instruction Fuzzy Hash: 3E519AB7F1162547F3580839CD69361228397E1325F2F827D8E8DAB7C5E83E9D0A4384

Function 00C3D3A3 Relevance: 1.4, Strings: 1, Instructions: 144COMMON

Download Yara Rule

Strings

4Z, xrefs: 00C3D46A

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID: 4Z
API String ID: 0-2897992537
Opcode ID: 45349b1d1828616b484edf6d84f5a5db130b6dd5ee9347f0f7bc26b5b251f7c6
Instruction ID: be54ef56b1f63df90150d221f0f3a10a310a681b047c38d3a28f2a96a4c74227
Opcode Fuzzy Hash: 45349b1d1828616b484edf6d84f5a5db130b6dd5ee9347f0f7bc26b5b251f7c6
Instruction Fuzzy Hash: AF51C2B3F112258BF3444E28CC993A17793EB96310F2F41789E499B3C5D97EAD095384

Function 00BE0340 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

@, xrefs: 00BE03AD

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: a219bb0ffeba6d6b4bc6b784ce86815f6e6f71807717eac9a19ef2513d45be79
Instruction ID: 41b30a009c121d2b6859dca7a5e8fbdd98e736d124114c77abf77eddae861597
Opcode Fuzzy Hash: a219bb0ffeba6d6b4bc6b784ce86815f6e6f71807717eac9a19ef2513d45be79
Instruction Fuzzy Hash: 2D31FD716083448BC314EF58D8C266FBBF4EB85324F18892CE69987390D775D888CBA2

Function 00BCE180 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aec0b92a5da32ab79e81137d02c644f07ce08de1298f1e1a01cf7d37cfbed44
Instruction ID: 3b69a56c2d0708fa86d9d109b8191b3d9fe30487ac0ac5b96793e7f1a3eb93ca
Opcode Fuzzy Hash: 5aec0b92a5da32ab79e81137d02c644f07ce08de1298f1e1a01cf7d37cfbed44
Instruction Fuzzy Hash: DD62B5F2511B819FD3A1CF2AD881793BBE9EB89310F14496ED5AED7311CB7069018F92

Function 00BA73D0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction ID: 4d6e5dbb11b5b2c737b3ce6ecd960f4ccff6741d7715ffe851943bacaf734e66
Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
Instruction Fuzzy Hash: 7122D232A4C3119BC725DF18DC806ABB3E1FFC6315F19896DD9C697285DB34A811CB92

Function 00C781C7 Relevance: .6, Instructions: 584COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed5dce8a284ce1a4c0af342bd6217e7944d68134180bd8273ab2b06672b9133d
Instruction ID: 7663ad15e12e26778164f237f943c7ce054b5d8f0b33e61fa8afa6ccc09b6355
Opcode Fuzzy Hash: ed5dce8a284ce1a4c0af342bd6217e7944d68134180bd8273ab2b06672b9133d
Instruction Fuzzy Hash: 3D129BF3E60A3407F7644878DC993A159829765324F1F82788F6CBB7C6D8BE8D4942C9

Function 00CC2205 Relevance: .6, Instructions: 555COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d25d94e32aa4128718b2407f3e625766e574fe0bebd314ea0cc0d941d0cc235
Instruction ID: a58c53f48ddb7a475127a3fabdcac1f567de892ad7caa758f2e75ffd2a234e52
Opcode Fuzzy Hash: 6d25d94e32aa4128718b2407f3e625766e574fe0bebd314ea0cc0d941d0cc235
Instruction Fuzzy Hash: 4B026AF3F517250BF75844A8DC983A2658297A5324F2F8278CF586B7CAD8AE0D4A52C4

Function 00CCC30A Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1925fe2d590f77331f9027568d3e910abcf534acbae67f6e149737a6c2efa45
Instruction ID: 6c8309af2323e9d4abb30aa95f5f9e7f630d1ae4def4fab1532828aee8c4f422
Opcode Fuzzy Hash: a1925fe2d590f77331f9027568d3e910abcf534acbae67f6e149737a6c2efa45
Instruction Fuzzy Hash: 5F0256B3F517140BF3544469DDD83A2298397E5320F2F8278CBA89B7C6D8BE9D4A5284

Function 00C232BA Relevance: .5, Instructions: 534COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc7c4ecb554fc6eb95e83ee459d165aa19645e077c7a4cffdd089fb6ca8c77b
Instruction ID: 593bb55e68ff3f535c74ec0c879dff4586fa58fa98208f410e0036a653f2f2e9
Opcode Fuzzy Hash: 6cc7c4ecb554fc6eb95e83ee459d165aa19645e077c7a4cffdd089fb6ca8c77b
Instruction Fuzzy Hash: 0202D0F3E116314BF3504969DD983A6A682DBD4720F2F86399F88ABBC9D87E5C0543C1

Function 00CCA1E4 Relevance: .5, Instructions: 515COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da253990716920e315327b0912642681062c658a869c8a758932e20f9d18386c
Instruction ID: 383141d7d012aae836038ec4eb65edc7cd62dac89ceb14e0b3f76d0b07e96b97
Opcode Fuzzy Hash: da253990716920e315327b0912642681062c658a869c8a758932e20f9d18386c
Instruction Fuzzy Hash: 6702FFB3F152144BF3444938DC98366B697EBD4310F2B823D9B89A7BC8D93DAD0A4385

Function 00D013E0 Relevance: .5, Instructions: 484COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b60d53b98e8814c3810e684f5751fff998c45e2ddd29302d3d7116dab47cc8a7
Instruction ID: 05d54f18dfd12e1a241f784c34249a94412d01e7c6cb628675af18e3ed876961
Opcode Fuzzy Hash: b60d53b98e8814c3810e684f5751fff998c45e2ddd29302d3d7116dab47cc8a7
Instruction Fuzzy Hash: 60F1E2B3F152144BF3088E29CC99366B792DBD5720F2E823D9A899B7C4DD7A6C058385

Function 00C952E6 Relevance: .5, Instructions: 462COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8595a6a6fde097ce343812c2175fab0ac17e429890e299568e2818d687ba3897
Instruction ID: 50efcadf9ad4b6bf1fcb42480545169119c15e9715b2ac151343469960d1ee70
Opcode Fuzzy Hash: 8595a6a6fde097ce343812c2175fab0ac17e429890e299568e2818d687ba3897
Instruction Fuzzy Hash: 59E1E2F3E142244BF3045D28DC68376B696DB95320F2B823DDA99A77C4ED7E9C058385

Function 00CCD01F Relevance: .5, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51a8d9e6023ef98d08a3e5914defe4ae229297eb4502d736dd88a7ce4218965
Instruction ID: 8e32d2f498c4764a4919e7228ac822da1ee37fe8deffa01a50b51aa44ba849ad
Opcode Fuzzy Hash: a51a8d9e6023ef98d08a3e5914defe4ae229297eb4502d736dd88a7ce4218965
Instruction Fuzzy Hash: 8DE1D4F3F142248BF3045E29DC99366BA92DB94320F2B823CDE88977C4E97E5C458385

Function 00C782BF Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a25a55f323c0f20adb0e2377f6f4733261475822cee8b45f3888e6e5520d6e39
Instruction ID: 608a311645b57683be96b86f06f9bb313e6dcd01bea631a1af5bb53201a4923f
Opcode Fuzzy Hash: a25a55f323c0f20adb0e2377f6f4733261475822cee8b45f3888e6e5520d6e39
Instruction Fuzzy Hash: BCE16BF3EA0A7507F7640468DC993A159819325324F5F82748F6CFB7C6D9EE8D4842CA

Function 00C4C0A4 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dea571d324a3b1943af4bac4c7e37b9d6b520918e221f85d9dcd782d962b2c00
Instruction ID: 70b9e510c327507d52d4030ff8deb6b9a51d1005212d63df2662fb38c54fffaa
Opcode Fuzzy Hash: dea571d324a3b1943af4bac4c7e37b9d6b520918e221f85d9dcd782d962b2c00
Instruction Fuzzy Hash: 8CD1F2F3F156104BF3049E29DC99376B6D2DBD5320F2A823CDA889B7D8E97E5D094281

Function 00C0416C Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13e8b4380e231dd1cf26bb9c1f6f178d73ed904410c1a9f0b39caf41d83bd60
Instruction ID: a3165132237d6aa1111c08a21e842b9b814a10f512b89b1f712b41636cac0276
Opcode Fuzzy Hash: c13e8b4380e231dd1cf26bb9c1f6f178d73ed904410c1a9f0b39caf41d83bd60
Instruction Fuzzy Hash: 20D1E0F3F142148BF3145E29DC98366B692EBD4324F2F82389F989B3C4E97E5C058285

Function 00CCC3EB Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d52c253b2a57afa303ee0bf4e3a0b273f6266f2e35c632cb26eca92b31b3a09
Instruction ID: 8e1c46cffb74df40186c95d251f3ce3a313e35c567bb286f43cae234136e206d
Opcode Fuzzy Hash: 4d52c253b2a57afa303ee0bf4e3a0b273f6266f2e35c632cb26eca92b31b3a09
Instruction Fuzzy Hash: C6D149B3F617150BF3510468DDD83A1198387A5320F6F8278CB6C9B7C6D9FE8D8A5285

Function 00C33058 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e39c301f7297c570c1141de04de7dde64e7c416baf30852ab8e07ab2aba9c53
Instruction ID: f7179fb45917585f1084eccc2aee4341cdedd37f1499a64562c6ca8ce33defc1
Opcode Fuzzy Hash: 5e39c301f7297c570c1141de04de7dde64e7c416baf30852ab8e07ab2aba9c53
Instruction Fuzzy Hash: A8D19CF7F5162547F3580838DD683A2658397A4324F2F82388F5D6BBCAE87E5D0A12C4

Function 00C1926B Relevance: .4, Instructions: 363COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c411fd2831ad5d44475271f378bc105824fedb305c4c035cde5e023946a03fe
Instruction ID: eb95cd8147c78c1e0b91c078e3e06c4f220e0bb99b9755833009dc28f99d12c5
Opcode Fuzzy Hash: 9c411fd2831ad5d44475271f378bc105824fedb305c4c035cde5e023946a03fe
Instruction Fuzzy Hash: F2C1E0F3E102244BF7044D28DD593A67692DBD4320F2F823D9E99AB7C9E97E5D0A4384

Function 00C8B3AC Relevance: .4, Instructions: 360COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90ba919dfbabedc933de08c5535bc18a6d83729d448fa4d71afc9f773aabf612
Instruction ID: 86970a3c0727520bf3da92ec7dcd5116291775800e268200ff25de95b778d1e4
Opcode Fuzzy Hash: 90ba919dfbabedc933de08c5535bc18a6d83729d448fa4d71afc9f773aabf612
Instruction Fuzzy Hash: EAC188B3F526254BF3444969CC983A2668397D5324F2F82388F586B7C6E8BE5D0A5384

Function 00C6825D Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4e993477485cf55ecefe728417d2413f30e5799df800d8179298e703d4fe95e
Instruction ID: 508235edd7f7946f9106148a4fecbb3959768a7a2317bc8817b36139221db378
Opcode Fuzzy Hash: c4e993477485cf55ecefe728417d2413f30e5799df800d8179298e703d4fe95e
Instruction Fuzzy Hash: A1C199B7F112214BF3544978CD683A26683DBD1320F2F82388E49ABBC9DC7E5D4A5384

Function 00CFD309 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58ed65e2dc4066a0d08730ea0807729d41b286525d18abcb69b0391fcd096fc2
Instruction ID: f1a6a09b41c503dd8da6a4371125a9313b6cf2e64b84bb8d6d18b9cdf952265a
Opcode Fuzzy Hash: 58ed65e2dc4066a0d08730ea0807729d41b286525d18abcb69b0391fcd096fc2
Instruction Fuzzy Hash: 3DC19CF3F115254BF3544839CC693A265839BE1324F2F82388A9DAB7C5EC7E9D4A5384

Function 00CF603E Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9332adf8e603ec39ef56268dd6aa57d9ddc472ee173f55ca0605a7ea423701fa
Instruction ID: 4230c7d54deb7918fbbb6a6ba7d04e728fd47d68d7d9fe49d0655913a70f1f30
Opcode Fuzzy Hash: 9332adf8e603ec39ef56268dd6aa57d9ddc472ee173f55ca0605a7ea423701fa
Instruction Fuzzy Hash: 87C18BF3F116154BF3544979CD983626683ABD5324F2F82388B5C9B7CAECBE5C0A5284

Function 00CE5126 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fc10bfe2c65ccbe6bc46c7766814c0e5d5778cad18b124c4c0b05331a0bf07b
Instruction ID: a26ac7188dd719f74d722c08b8a7084c6602cb9cfa54ef0984ee8ab728f97731
Opcode Fuzzy Hash: 7fc10bfe2c65ccbe6bc46c7766814c0e5d5778cad18b124c4c0b05331a0bf07b
Instruction Fuzzy Hash: DEC148F3F1162147F3544839CD983A265839BE5324F2F82788F9C6B7C6D87E9D0A5284

Function 00C6035C Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44a5aefdfbb5bcba0ec69ebeb0407a289d06d8695ff7e28a66a8f2ef744fda2
Instruction ID: f084cefcb24673bd0ae2c7c76795c252183bac733bbc94c143121c8eadb5a57a
Opcode Fuzzy Hash: d44a5aefdfbb5bcba0ec69ebeb0407a289d06d8695ff7e28a66a8f2ef744fda2
Instruction Fuzzy Hash: CEB157F3F116244BF3584839CD583A266839BD5724F2F82788F5CAB7C5E8BE5D0A4284

Function 00BBE220 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d21f9e19f80739650dac140e497138f4a790adee31d332ba29aa3f9f73faf8
Instruction ID: 77485a230921515174efb4faa765a02aa88bc1447ac79d7624dc854231f76d1f
Opcode Fuzzy Hash: e4d21f9e19f80739650dac140e497138f4a790adee31d332ba29aa3f9f73faf8
Instruction Fuzzy Hash: 27B1D975504201AFD7219F24CC41BAABBE1FF94314F148A7DF5A4A73B1EB72D9148B82

Function 00C08141 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 167caaedb7fd49d19092c4c9ae73e9712ac2f801ecd15b6021ef9154a9886b53
Instruction ID: 7825e51b7f9f54677a8b5916fe8c567632b2fd617321fd5b213d764de8c8e838
Opcode Fuzzy Hash: 167caaedb7fd49d19092c4c9ae73e9712ac2f801ecd15b6021ef9154a9886b53
Instruction Fuzzy Hash: 8DB16AF3F1162547F3584868CC683626683DBD5324F2F827C8F5A6BBC6D8BE5D0A5284

Function 00C381E0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c69d8d30635fbf2ae5a108330cb04f61103934a775946b4e47d9579e18ee6dde
Instruction ID: f01804143d6f33b0ef8dc3f6028ab1424c85c948723b7064683a0375783b9ce7
Opcode Fuzzy Hash: c69d8d30635fbf2ae5a108330cb04f61103934a775946b4e47d9579e18ee6dde
Instruction Fuzzy Hash: C6B1BFB3F112144BF3484829CDA93A16583D7D5324F2F823C8F5AAB7D9DCBE6D4A5284

Function 00CEA377 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba6fafd01ad45c72fca0dc5a5ef82d7fa61f749f48525f869900f1c625dcc3d
Instruction ID: dcc21a84445186f73e62a1680679592e01616c1658bd275602ff306ef3f8894e
Opcode Fuzzy Hash: 9ba6fafd01ad45c72fca0dc5a5ef82d7fa61f749f48525f869900f1c625dcc3d
Instruction Fuzzy Hash: 70B16CB7F112244BF344493ACD98362668397D5724F2F82398B8CAB7C5DCBE9D0A5384

Function 00CDC080 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64b073d4fa1beebef3003516e11b4132febedf8d24c3edae7431e7eed260edbd
Instruction ID: d99d6f4e527dbfda0e111de9fae541f0898e145473684eabb051d83e23af460a
Opcode Fuzzy Hash: 64b073d4fa1beebef3003516e11b4132febedf8d24c3edae7431e7eed260edbd
Instruction Fuzzy Hash: C9B187F3F2162147F3544938CD983A2665397D1324F2F82788F5CABBCAD97E9D0A5284

Function 00C3E380 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31d9676f744e22f8243b28c1af9d2f3dc8cc1fbdcf068132975b4d7bd02da724
Instruction ID: c94feb826086836e6ffe605b5d26b7e85e803a7f78f0856d73b86350217d7da3
Opcode Fuzzy Hash: 31d9676f744e22f8243b28c1af9d2f3dc8cc1fbdcf068132975b4d7bd02da724
Instruction Fuzzy Hash: B3B167B3F2122447F3544879DD983A2658397D5325F2F82788E9CABBC5DC7E9D0A4384

Function 00C7A0E4 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6e000aeceff69dd745bdaadc372e8e80956da17dfde806378e46af32eba4b4
Instruction ID: 6ea391da0e67cf960b42231ff355b37ad4276b3bd9a77db4c4ee2bcb2f0c07b6
Opcode Fuzzy Hash: df6e000aeceff69dd745bdaadc372e8e80956da17dfde806378e46af32eba4b4
Instruction Fuzzy Hash: 89B16AB3F116254BF3544D28CC683A13683EB95324F2F82788F89AB7C5D87E9D4A5384

Function 00C8C2BF Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f554d5599035a07ce8502d1f8eeb81540190945cd3330ce272256bcd0936db88
Instruction ID: bc6b107e485c40b67a64ed9384d4e0ee30bdbed01030b04f39f3bb545b059162
Opcode Fuzzy Hash: f554d5599035a07ce8502d1f8eeb81540190945cd3330ce272256bcd0936db88
Instruction Fuzzy Hash: 8CB179F3F512254BF3444939DC983A22683D7D1324F2F82788F58ABBC9E87E9D464284

Function 00CF118C Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1735a9be0c0825d2a7e226bd7bf0d3eab1bae8b84acd2cac865380fa3957baa7
Instruction ID: 5a1ec789ae79a96b39c576d34aa6f9ea8ed957350073b5bd98bea81a6800c9ab
Opcode Fuzzy Hash: 1735a9be0c0825d2a7e226bd7bf0d3eab1bae8b84acd2cac865380fa3957baa7
Instruction Fuzzy Hash: 93B17BF7F1122547F3540928CC683626683EB96324F2F83788FA96B7C5E87E5D4A5384

Function 00C69264 Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e00cc410b30d6f7af29bdae87bd5305c20d70bbc2323317cebd7c47146062126
Instruction ID: 46aab8adce1a2a434bbc480ef5bdd2f6c4cdffd635d01bf3fa5e39b4d5507ec0
Opcode Fuzzy Hash: e00cc410b30d6f7af29bdae87bd5305c20d70bbc2323317cebd7c47146062126
Instruction Fuzzy Hash: A1B18CB3F512254BF3544979CCA83A26643DBD1324F3F82388A996B7C9DD7E9D0A5380

Function 00C461E7 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb75a349a7eb38e25c22f6aeb3cbea6e285bd51827a73d1b157739267bc00943
Instruction ID: 6adfe94b2f833d087c8f60db20a8d9531becfd48e43c44b23d13e2ef9689c062
Opcode Fuzzy Hash: cb75a349a7eb38e25c22f6aeb3cbea6e285bd51827a73d1b157739267bc00943
Instruction Fuzzy Hash: B6B1ABB3F112254BF3544A69CCA43A27283DBD6314F2F81388E496B7C6D97E6D4A6384

Function 00C342B7 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9774c8716225afd8c1ee9990388c9e4b02290846abf589048d27d57d592ca3b
Instruction ID: c81ef558b105a2cc6d2639960faefa35cdbd5a4f2edacf5974a0291117dc200b
Opcode Fuzzy Hash: c9774c8716225afd8c1ee9990388c9e4b02290846abf589048d27d57d592ca3b
Instruction Fuzzy Hash: 4DB169F3F1162547F3544929CC943A2A283A7E5325F2F82788E8C6B7C6D87E6D0A53C4

Function 00C5B159 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3762f037aec9125f4b14a2a8af66df231ed6d3c0d08f2730e46e07bfb94cd172
Instruction ID: 74694b9a8bcb388f1e17f3922876b68fc9d77616849e9c40a4b6a536c5af933c
Opcode Fuzzy Hash: 3762f037aec9125f4b14a2a8af66df231ed6d3c0d08f2730e46e07bfb94cd172
Instruction Fuzzy Hash: 1CB1A0F3F216254BF3544968DC943A26183D7A5321F2F42388F5CAB7C2E8BE9D0552C4

Function 00CDB0A1 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6d2df30b4c5f2aa64efab45533b34b99928814576f16ff003bbbefa2e7a87c
Instruction ID: c25ca0b33030ccce17b4c586d0be98e5a78e980e8a5cf33c28342e967ad22139
Opcode Fuzzy Hash: 6b6d2df30b4c5f2aa64efab45533b34b99928814576f16ff003bbbefa2e7a87c
Instruction Fuzzy Hash: F1A190B3F1151447F3484D39CC683A26683E7D5324F3F82388A699BBC9DD7EAD065284

Function 00C9D298 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 077c3d83e06271c4f7b3409db4815f156e0c73dbba556937f94dcaa3c646884c
Instruction ID: 495afb3772a0e6d816f0b996c02dc8a677700ca2f29f473a6cd969337f388a49
Opcode Fuzzy Hash: 077c3d83e06271c4f7b3409db4815f156e0c73dbba556937f94dcaa3c646884c
Instruction Fuzzy Hash: 37B1ACB3F105254BF3184939CC683A16683DBD1324F2F827C9E59AB7D5D87EAD0A5384

Function 00C2E4B9 Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501a9289bd577440b5946ce8ec3d83742b91e6d139e7b7b9af854ec42638325d
Instruction ID: 96fdcc92cad358f98836aa2974c11f68e9d0b38dbf6f7159073103e0bef9ac5b
Opcode Fuzzy Hash: 501a9289bd577440b5946ce8ec3d83742b91e6d139e7b7b9af854ec42638325d
Instruction Fuzzy Hash: C9B17DF3F2152547F3544929CC583A2668397E4324F2F82788E4CABBC9D9BE9D0A53C4

Function 00CA50BC Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2947c84b9ea254fd6c5543b702dba9ee30d00e047004801daddf6a1d5ffbf2
Instruction ID: 319091d43576c2f7a4d2db890c0c2c49b42f605ece9c0f60dbe2df89ee601664
Opcode Fuzzy Hash: 3b2947c84b9ea254fd6c5543b702dba9ee30d00e047004801daddf6a1d5ffbf2
Instruction Fuzzy Hash: AFA16EF3F5022547F3544938CD983A26643D795324F2F82788F98AB7C5D9BE9D065384

Function 00C592D1 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b93820bc201c5d9d197db52e23926bc4d1e202d44a4e66aa0a9cee2b3cbb8c
Instruction ID: c0f569799664d2405b61418019657332c07c70deac44f4465fa166c42a695996
Opcode Fuzzy Hash: 58b93820bc201c5d9d197db52e23926bc4d1e202d44a4e66aa0a9cee2b3cbb8c
Instruction Fuzzy Hash: 61B178B3F1122147F3544939CCA83626643DBD5324F2F82788F992BBCADC7E5D4A5288

Function 00BA6160 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction ID: 4b73200bf7be8bb23ba30be5b213884b9a687e1acac01bfa3647db528cbcdffc
Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
Instruction Fuzzy Hash: CCC158B2A487418FC360CF68DC96BABB7E1FF85318F08496DD1D9C6242E778A155CB06

Function 00CD728D Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48f39b949c5e90f81d5612899b076c896b6afd49c7da7503b0c406e8011dbc15
Instruction ID: ee05d92e2df4b89a515d306d8713312572e0c121541f6381b6400f797ba9da51
Opcode Fuzzy Hash: 48f39b949c5e90f81d5612899b076c896b6afd49c7da7503b0c406e8011dbc15
Instruction Fuzzy Hash: B9A178B7F1122547F3544D39CCA83A266839BE0324F2F82798E8D6B7C5EC7E5D0A5284

Function 00CA70D9 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce9d203dc614db71cf054e7aaccb0f03338b34e9618dc13165669f2746a01b8
Instruction ID: 784a52b55f33f7571168cfdaf6e6546c27b652c01c0a8911e4e880509e56782d
Opcode Fuzzy Hash: 7ce9d203dc614db71cf054e7aaccb0f03338b34e9618dc13165669f2746a01b8
Instruction Fuzzy Hash: C1A157B3F5122547F3544939CDA83A26683D7D5314F2F82388F98AB7C9D8BE9D0A5384

Function 00CB3000 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d95e31c744506b3d96a0389a87155f985162e5dc8d64a360433a1d599e8aa6
Instruction ID: f577598a7ce00e49e1029a51db02177f98b90ed71b4e9aab875e919ba0eab4ec
Opcode Fuzzy Hash: d4d95e31c744506b3d96a0389a87155f985162e5dc8d64a360433a1d599e8aa6
Instruction Fuzzy Hash: D0A134B3F1162547F3584928CCA83A26583E7D5324F2F827C8F9E6B7C6D87E5D0A5284

Function 00C2C27A Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eecdd5477febbf52e24493b0ab044276a1bab9008666b079a0ef6ea9b6db806
Instruction ID: 08e1a4b5bf54085cb65e2202a3dccceca56614fd68e8226b0419f3f665f62721
Opcode Fuzzy Hash: 5eecdd5477febbf52e24493b0ab044276a1bab9008666b079a0ef6ea9b6db806
Instruction Fuzzy Hash: C0A18BB3F112304BF3544969CC983926293ABD5324F2F82788E9C6B7C5E9BE5D4A53C4

Function 00C6535A Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1e32c63d2247265b47251ab8c6a6487a840912e57ab11102a976a34c8fabb52
Instruction ID: b0138c56de816c804debfb222278b313f3e12805c862194243172235b34ee7c3
Opcode Fuzzy Hash: d1e32c63d2247265b47251ab8c6a6487a840912e57ab11102a976a34c8fabb52
Instruction Fuzzy Hash: D5A17EB3F512254BF3644939CD583A26683DBD1324F2F82788E8C6B7C9D87E6D4A5384

Function 00CEE338 Relevance: .3, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 631a72ed2b8a9355ab6628f58ee5ff209a86989355d301121fe69f5e1aaa92e2
Instruction ID: 499a519dfe9665948ffbbe00ee2e9957abe1682205b641d4a933450cbc77d907
Opcode Fuzzy Hash: 631a72ed2b8a9355ab6628f58ee5ff209a86989355d301121fe69f5e1aaa92e2
Instruction Fuzzy Hash: 48A1ADF7F5022547F3484979DCA93A22683DBA5314F2F82788B89AB7C6E87D5C095384

Function 00C832C2 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b1a50eaaae64fdf9eb34c25a3f5df2bed63f0d949134ebbdb2966b8d7c5c2a
Instruction ID: 71a318a66a70063c4089fc8b7aa1b913c4a2e4ff4b07b2e50a4036e16bdbda30
Opcode Fuzzy Hash: c3b1a50eaaae64fdf9eb34c25a3f5df2bed63f0d949134ebbdb2966b8d7c5c2a
Instruction Fuzzy Hash: 33A18CB3F2152147F3684D38CC58362A6839BD5315F2F82788E8DABBC9E87E5D495384

Function 00C5C2FF Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 589b81f1933dce4b0e772f5184d51ce82a785863025e798756355635853df34b
Instruction ID: a28222924b53e3406a10f5de65aabee4dbd9d95e48f1c3b03b4eba743f88bd34
Opcode Fuzzy Hash: 589b81f1933dce4b0e772f5184d51ce82a785863025e798756355635853df34b
Instruction Fuzzy Hash: 28A14AB3F612254BF7584839CD68362659397E5320F2F82388F5DABBC9DC7E5D4A0284

Function 00CD205F Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb3b7e49499da70986cf5c55c2df798647f16d0a9361c0988c4aaa3c122f4f1
Instruction ID: ac12887605fe8063d91fc80a2bf4803018ce0807f392d1a555df3cbb3f2cb44e
Opcode Fuzzy Hash: ceb3b7e49499da70986cf5c55c2df798647f16d0a9361c0988c4aaa3c122f4f1
Instruction Fuzzy Hash: AFA168F7F1122547F3544938CD683A26683DBD1324F2F82788E9C6BBC5D9BE9D0A5284

Function 00CBD2D5 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0247e634fd08b4bd53cf5b0b0908cbf178379d037da1a5730d1f23273b4526a9
Instruction ID: 21ce2ac16cd0c9948143f12cc383b39c37e3a59ba379ee91282e86782b02a6ef
Opcode Fuzzy Hash: 0247e634fd08b4bd53cf5b0b0908cbf178379d037da1a5730d1f23273b4526a9
Instruction Fuzzy Hash: 80A19CF7F5122547F3844838CDA83A26682DB95314F2F83388F59AB7C9EC7E9D095284

Function 00D0820D Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a5b7911b0740b2889fb92aa21012e905af4f05cd18a4d5dd45245f7fe037eea
Instruction ID: bbb0bd60b48d247386d903e63361e3bae65bc3fbf2c801eb5547391d57c10a83
Opcode Fuzzy Hash: 2a5b7911b0740b2889fb92aa21012e905af4f05cd18a4d5dd45245f7fe037eea
Instruction Fuzzy Hash: 48A179F3F5062547F3584839DCA83A265839B95314F2F82788B8DAB7C6D87E9C4A5384

Function 00D063C7 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 696706e4b1de733acf7bf2c8ddb045a86afc85662f5e1a52175725ce69ef1eca
Instruction ID: b2d8dd592862d7f624f2ca48ba910558cc0b9732ff6200dfebf66457f9fb2b32
Opcode Fuzzy Hash: 696706e4b1de733acf7bf2c8ddb045a86afc85662f5e1a52175725ce69ef1eca
Instruction Fuzzy Hash: 8CA168F7F116254BF3444939CDA83A2658397D5318F2F82788E5C6BBCADCBE5D0A4284

Function 00C841F5 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fae3f8234165acf1d65766888d323cb679f3fe80664dd74a55dba52f22549beb
Instruction ID: ebd989f4ec746858256172ccdd4e75aa16989b57c967dde21f22ddef8be65c35
Opcode Fuzzy Hash: fae3f8234165acf1d65766888d323cb679f3fe80664dd74a55dba52f22549beb
Instruction Fuzzy Hash: DDA16BB3F112254BF3544939CD583A266939BD1324F2F82788F8C6BBC9D97E6D0A5384

Function 00C89364 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf9e11bf0690bfd19cdc08a21d912345e7f7c853a3b54f07000c49f3f8ca83cd
Instruction ID: 097f7109ad2db88ddf5d4ca776e24c2cbc48bb772e1d6ac7132cd07035d439cb
Opcode Fuzzy Hash: bf9e11bf0690bfd19cdc08a21d912345e7f7c853a3b54f07000c49f3f8ca83cd
Instruction Fuzzy Hash: 56A167F3F1162047F3484839CD6836265839BE5324F2F82798E59AB7C9ECBE5D0A5284

Function 00C9A0AA Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad761bd253273456f81ad68d23a5ed72e0a89617e5a4e3e4236731388e830a90
Instruction ID: 0c635cafef9253e6bfd1f0308154651bfe1a1e2cc34ef634bb5a773b25b5ddff
Opcode Fuzzy Hash: ad761bd253273456f81ad68d23a5ed72e0a89617e5a4e3e4236731388e830a90
Instruction Fuzzy Hash: CAA18DF3F1162547F3444969DC943A26683D7D5324F2F82788E8CAB7C9D8BE9D0A5384

Function 00CD618C Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4a5bc89b993248251b0b46b32bfe60e136d6c09cdf16ba28be8754e6c091423
Instruction ID: 4ecbed6f67d648948baebc8b7163d7556bd97d44826aeb5c29522bbbf3520882
Opcode Fuzzy Hash: d4a5bc89b993248251b0b46b32bfe60e136d6c09cdf16ba28be8754e6c091423
Instruction Fuzzy Hash: C5A17DB3F1122547F3548879CC943A26683D7E5324F2F82788E98A77C5ECBE9D464384

Function 00C112D8 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9036bc5137efee27c0c63ca9be021181fd338a01d3e140117904324414ffc2a
Instruction ID: 15903b8e9f772a0d8119b9a2cd782790ed500ad34a852a2d57d9a71eca8460d1
Opcode Fuzzy Hash: d9036bc5137efee27c0c63ca9be021181fd338a01d3e140117904324414ffc2a
Instruction Fuzzy Hash: 05A1ABB3F211258BF3544D28CC583A276839BD5320F2F82788E986B7C9D97E6D4A5384

Function 00C7313B Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e6a9c1238cb692482c401738a71b47f491f73b9f0791718b469940f7025416d
Instruction ID: baa1d6f0a2153662b2e5b449dd53e3e239d581a52731c639a6aa116fe7d1a903
Opcode Fuzzy Hash: 1e6a9c1238cb692482c401738a71b47f491f73b9f0791718b469940f7025416d
Instruction Fuzzy Hash: EAA1ADB3F106254BF3584879CD983626583EB95314F2F82388F9CAB7C5D87E9D4A5384

Function 00CC32DD Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3783c7f3640d5d3e521ac4d9f121ad5e6a114fd7513851328edbe33fff49d19e
Instruction ID: 407c27a64a9bf2001f9dd1f4913064614b10d88c6cbf92e0c77c8e7269737807
Opcode Fuzzy Hash: 3783c7f3640d5d3e521ac4d9f121ad5e6a114fd7513851328edbe33fff49d19e
Instruction Fuzzy Hash: 44A18BB3F116244BF3584928CC693A16283DBE5325F2F823D8B9AAB7C5DC7E5D095284

Function 00CF73D4 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcf729140fc7c3ab7513e7346019f648547069e3d23fc508cdb85039b71abcaf
Instruction ID: c5b5fec8ce73a3b355c6e0ae678864a4388012c2a916708dbb3ec59230a1587b
Opcode Fuzzy Hash: dcf729140fc7c3ab7513e7346019f648547069e3d23fc508cdb85039b71abcaf
Instruction Fuzzy Hash: 57A17AB3F102244BF3544A69CC983A27693EB95310F2F82788E886B7C5D97E6D0957C0

Function 00D03110 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3618ad4fabe366a707d840c4b0f22cfe7facbe34f67ffb50f7c4c8b3cb479d9c
Instruction ID: 6784893ffdd626b0875c9d9d4b92a9bd8968f45a159fc18f8985b51673af84df
Opcode Fuzzy Hash: 3618ad4fabe366a707d840c4b0f22cfe7facbe34f67ffb50f7c4c8b3cb479d9c
Instruction Fuzzy Hash: C3A18DB3F202254BF3584939CD683616683DBD1724F2F42788E4DAB7C5D8BEAD0A5384

Function 00C053D0 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ccd3c8b9f8dba0738846431695dcfd4791cc7d997ba108cee3e223cdc7e320
Instruction ID: 3869a20e3f601f17a6e467a59c83c2541fa2d7ca06b4da6fe1c93ce939e0bf3e
Opcode Fuzzy Hash: a6ccd3c8b9f8dba0738846431695dcfd4791cc7d997ba108cee3e223cdc7e320
Instruction Fuzzy Hash: 77A19BF7F5062147F3544968CCA83A26282EB95324F2F82388F9C6B7C5D9BE5D4A53C4

Function 00C58278 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c54311ea517dba4a78712fc71b21a92479209de49a3010187e43c31321008f
Instruction ID: ca44c57b6f18f946826c4b66bf57d76f42b8e67a0346a433b2963a0fab171b3e
Opcode Fuzzy Hash: 43c54311ea517dba4a78712fc71b21a92479209de49a3010187e43c31321008f
Instruction Fuzzy Hash: D3A1BCF3F102154BF7444D39DCA83A22683DBE5314F2F82388B595B7C9E9BE59095284

Function 00C0E082 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1e1514b86fd2140701ffeef5b708203f559673bee622e66edb853e955c92bc9
Instruction ID: 14c0935e9c6d5d8bda0a66f88551d4e5fe0f592c4e9109f9e5534df3f3636329
Opcode Fuzzy Hash: f1e1514b86fd2140701ffeef5b708203f559673bee622e66edb853e955c92bc9
Instruction Fuzzy Hash: E1A199F7F112244BF3444D69DCA83626243EB95314F2F82788F586B7CAD97E5D0A9384

Function 00BF72E5 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4a4ca440ea2d3c3322bbb2fc922df6dc090a7f38450541ab04a1322b93d694
Instruction ID: c67b19a1cafb21c5642606927bd04675d8e029d34b5beb8d2f07ac0cdd30f0ef
Opcode Fuzzy Hash: 3e4a4ca440ea2d3c3322bbb2fc922df6dc090a7f38450541ab04a1322b93d694
Instruction Fuzzy Hash: 709148F3E186109FE3056E68DC4576AB7E6EFD4310F1B853CDAC897784EA3948058786

Function 00CE4091 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b995706528b9c1b758d75f0f94f8bc3d35db9345369391b7fc0bd672402d2cb8
Instruction ID: 61b69543dd05f9e598c116b0d71e8a4fb38560521e8f3762503f5c3b5a6a2f6d
Opcode Fuzzy Hash: b995706528b9c1b758d75f0f94f8bc3d35db9345369391b7fc0bd672402d2cb8
Instruction Fuzzy Hash: 14A18CB3F1162547F3548879CD583626683D7D5320F2FC2788A58ABBCADD7E9C0A4384

Function 00C411D3 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cedd301d8eac8e734fb4b2d1f2315e9aa0cd90e91f0d80be7d1e5884f6008100
Instruction ID: 18fae6ddb7c47a09725c520f352c22196ffae24a1ffc146416227ee6b106a69f
Opcode Fuzzy Hash: cedd301d8eac8e734fb4b2d1f2315e9aa0cd90e91f0d80be7d1e5884f6008100
Instruction Fuzzy Hash: A2A159F3F6262547F3584835CC693A2258397E1324F2F82788F9A6B7C9DC7E5D0A1284

Function 00CB70DC Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950ebe566a8e1947aa2e193408f824d9b88c52823f3b6511292111f3482bf061
Instruction ID: 07d65e1901b922c6ca89667b2cc9e4c49eb255a6dcdd24b44c25c95fc88da1e7
Opcode Fuzzy Hash: 950ebe566a8e1947aa2e193408f824d9b88c52823f3b6511292111f3482bf061
Instruction Fuzzy Hash: 14A146F3F102354BF3544868D998362A58297A5320F2F82789F9C7B7C6E87F5D0A52C4

Function 00C030E9 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58d56e8bc4e9e8342cb69f01b07123147257cc89ffa4e4974778b622a6af7b60
Instruction ID: aa846756c4014954285484c2d9c93d7da0b19ba8bd0cbb96e783eef4e89a78a5
Opcode Fuzzy Hash: 58d56e8bc4e9e8342cb69f01b07123147257cc89ffa4e4974778b622a6af7b60
Instruction Fuzzy Hash: F3A19CB3F1022547F3544D29CC68361B283DBE5324F2F827C8E59AB7C5E9BE6D495284

Function 00D041F9 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f1c01e71cab1ea26075e8e5521b1db40111b1a867dfb9decc0c33adfc0887e
Instruction ID: f2ec36f523d50f1a217b8a410e25fcbf4ed013d23ab24e4d8d9a2a406e998c8f
Opcode Fuzzy Hash: 24f1c01e71cab1ea26075e8e5521b1db40111b1a867dfb9decc0c33adfc0887e
Instruction Fuzzy Hash: 49918FB3F112254BF3544938CC683626683DBD5320F2F82789E5DAB7C9D87E9D4A5384

Function 00C0A241 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5587f05de7b1377f18ef33b5c9bab639a9819dad61df4f90872207b257d9908f
Instruction ID: 25355a30051612656e200e6f209d089f41864f0cf227664df0fecbbae5dfc711
Opcode Fuzzy Hash: 5587f05de7b1377f18ef33b5c9bab639a9819dad61df4f90872207b257d9908f
Instruction Fuzzy Hash: 2BA159B3F102254BF3544929CDA83A26683DBD5324F2F42388F5DAB7C5D97E9D0A5384

Function 00C52076 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fb70b6790164fa9442fa5b3867e010b699b2d794685b1f9c790abea2cddb5cd
Instruction ID: b2ae98086f14d48391f32546ad9535950f50003a339f767e01405d4ac8928fc4
Opcode Fuzzy Hash: 5fb70b6790164fa9442fa5b3867e010b699b2d794685b1f9c790abea2cddb5cd
Instruction Fuzzy Hash: 43916BF3F1162147F3984878CDA936265829B95324F2F83388FA9AB7C5D87E5D094384

Function 00BF7336 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b79509d142e3d71ed005f00d0cb4521b60f3a22ce3a68719b653c49523e126d8
Instruction ID: 4c1f7ebcdc99c921a3af4daf60291236610a358bbb054424cbe7fdc2cebe65d9
Opcode Fuzzy Hash: b79509d142e3d71ed005f00d0cb4521b60f3a22ce3a68719b653c49523e126d8
Instruction Fuzzy Hash: 769138F3E186109FF3046E28DC4576AB7E6EF94310F1B853CEAC897784EA7948458786

Function 00C530D1 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4069e21125bbc17ae67d083839ee7ca70b83934dca90835e53160614f588edb6
Instruction ID: 02d0ad9ba937530e39a56cd2f9d76b482892797d5c96f706aa15a6773cae205b
Opcode Fuzzy Hash: 4069e21125bbc17ae67d083839ee7ca70b83934dca90835e53160614f588edb6
Instruction Fuzzy Hash: EE91AFF3F212254BF3540978CD983626683D7D5724F2F82788F58ABBC9D8BE5D0A5284

Function 00C75028 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f346623fb0391dc63fa1b698142940d399e0a20f64b4f09e9ea186d46f0e05f8
Instruction ID: 7a737d614762faadcb4ca81ff57045de323351bc70f242914ecf88d27772c0c1
Opcode Fuzzy Hash: f346623fb0391dc63fa1b698142940d399e0a20f64b4f09e9ea186d46f0e05f8
Instruction Fuzzy Hash: EA9159B7F1062147F3444878CDA83A26683DBD5324F2F82388E59AB7C9DC7E5D464384

Function 00C4E0AA Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a3eaee21071e9e16af466df94225ca75f02ade510d49f58f3932a3c18f3e81
Instruction ID: 4172e4e275b9e4eb212a76fb7ad5c7837fefd84a013e12ddae7e3b40ce9ca112
Opcode Fuzzy Hash: 66a3eaee21071e9e16af466df94225ca75f02ade510d49f58f3932a3c18f3e81
Instruction Fuzzy Hash: 2E9179F3F1122647F3584978CDA936266829B91320F2F82788F5DAB7C5DC7E5C495384

Function 00C1719A Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6369904a3cf8731000e27eb0649e9b7daa5133591cb92b771d02d5f112733e
Instruction ID: 4b195440acff79730fc49112655cd34143b6ee2d5bd83bcefedf03618679f934
Opcode Fuzzy Hash: 0d6369904a3cf8731000e27eb0649e9b7daa5133591cb92b771d02d5f112733e
Instruction Fuzzy Hash: 6C91BEF3F111254BF3544939CC683626683DBD5324F2F82788A98ABBC9DC7E5D4A5384

Function 00C71130 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33344f0d685d654335eebe6c6481ff847c3f553a5e926441ba88f7066f7c7ed3
Instruction ID: f371ce5087ea7526d7c5842004731243a24c88cbc536150091aa89ba518af280
Opcode Fuzzy Hash: 33344f0d685d654335eebe6c6481ff847c3f553a5e926441ba88f7066f7c7ed3
Instruction Fuzzy Hash: 88918CB7F612254BF3584D28CCA83A27282DB95324F2F827C8E5D6B7C5DC7E6D095284

Function 00CE321E Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a73c9a3bd271d8365d8ed0d86a137c30e7af1045d8b363d9e91ef54812a7558b
Instruction ID: a23c8c98171bdc5dd1f56359042dacee8daba08d5a8804234e768d0d3a90e835
Opcode Fuzzy Hash: a73c9a3bd271d8365d8ed0d86a137c30e7af1045d8b363d9e91ef54812a7558b
Instruction Fuzzy Hash: 2F91A2F3F1162547F3444968CC983A26683D794324F2F82788E9CAB7C6E8BE5D4A53C4

Function 00C641EC Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f5a1a7348eb40f7ccb7191ca6d31262fda2f98cad2c82a3b42f60b94c4e9e0
Instruction ID: c9e540d27d6d97075bfce6bbf77a366a81cedc6732bc92f0536fc8cc8c3a98e1
Opcode Fuzzy Hash: 60f5a1a7348eb40f7ccb7191ca6d31262fda2f98cad2c82a3b42f60b94c4e9e0
Instruction Fuzzy Hash: 77918CF7F2112547F3544D39CC583A26683DBD1314F2F82788E88A77C9E87E9D4A5284

Function 00CA31BF Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87e4bb7d500121b0e062d0954ea8e554a24cc16793ac3489f106022524c117b
Instruction ID: 9906ee8905f1f5ab8cfa4e79e7199778d1ae7c25cf9c302d32bf4e0b279d78a8
Opcode Fuzzy Hash: a87e4bb7d500121b0e062d0954ea8e554a24cc16793ac3489f106022524c117b
Instruction Fuzzy Hash: 8A91B0B3F112254BF3444D68CC983A17682EB95324F2F42788F9CAB7C5D9BEAD095384

Function 00C3043E Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f492093175e1d27e2e59a15684859e499f9fc59084dc9a65e7b56a323474e50
Instruction ID: 1a2eb045b1dfdb4676e45628515cdc40cb349b31facb4e24398bd40daa89ee46
Opcode Fuzzy Hash: 5f492093175e1d27e2e59a15684859e499f9fc59084dc9a65e7b56a323474e50
Instruction Fuzzy Hash: FF918AB3F1122187F3580969CC683626692ABD1324F2F82788F8D6B7C5DD7E5D4A53C8

Function 00C1C2B6 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e39438cbe1a990698c45cad85544db6aafacac661902e2a95d662228de3157b
Instruction ID: 8f0f12dfb21d1c0b8efc04f766e27656c6a3a8b13ac8dfae6eaca36997c760a2
Opcode Fuzzy Hash: 7e39438cbe1a990698c45cad85544db6aafacac661902e2a95d662228de3157b
Instruction Fuzzy Hash: 3C917BB3F1122547F3544878CD9936265839B95320F2F82788E8DAB7C5DCBE9D4A53C4

Function 00C9C407 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7442110b9c24b085c9ba975fb6c0507fc4e72481ad5a7ee5c2dd5e6f747e2850
Instruction ID: e58807c9eba96d34191481146310ec9d1a8e2568ef4ec4bd9aee0ce7d5adb764
Opcode Fuzzy Hash: 7442110b9c24b085c9ba975fb6c0507fc4e72481ad5a7ee5c2dd5e6f747e2850
Instruction Fuzzy Hash: 62918AB3F112254BF3544D39CC993A176839BD5320F2F82788E889B3C4D9BE6D4A9384

Function 00C99108 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031960572635a8e8fcf772b69831c3ea2fd680f37f49051ea338ac95501c9b39
Instruction ID: b9636994682e1dd6516d2c99e49a58e7f511defb3b88e2b5d5318ed37a0d25e1
Opcode Fuzzy Hash: 031960572635a8e8fcf772b69831c3ea2fd680f37f49051ea338ac95501c9b39
Instruction Fuzzy Hash: F0918DB3F1122547F3544D28CCA83A27693DBD5324F2F82788E986B7C9D97E6D0A42C4

Function 00D0928D Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 976a388cb5d7d598754561793dea040679f38471fdd2e3f06d47df12ed2e9c7c
Instruction ID: f2e369eba2565caf4229b87a86404cce003dfdf6fc8c03c4ae8556cd12d4f49c
Opcode Fuzzy Hash: 976a388cb5d7d598754561793dea040679f38471fdd2e3f06d47df12ed2e9c7c
Instruction Fuzzy Hash: CD918BB3F1122547F3584975CCA83A26683D7D5320F2F82788B9A5BBC9DCBE5D0A5384

Function 00CB4190 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12e358c69d8093fa7ca78f7d7654e96f998abe66f2cd53e0766e8a643da0479
Instruction ID: 1249fd8c85bb79c8e95b91668a476f8da34db67af79af90641bd7e46065ffda5
Opcode Fuzzy Hash: d12e358c69d8093fa7ca78f7d7654e96f998abe66f2cd53e0766e8a643da0479
Instruction Fuzzy Hash: 1F916BF3F516244BF3444938CD993A26683DBD5315F2F82788F486BBC9D87E5D0A5284

Function 00C3B36B Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 190cdf5939a905cd80403087685f859226cb20afcb210a34cf7ea29ea7e34d7d
Instruction ID: a91843ae1c01c535542f2401974005ebc7e719414c03c311306a1d38a15c3909
Opcode Fuzzy Hash: 190cdf5939a905cd80403087685f859226cb20afcb210a34cf7ea29ea7e34d7d
Instruction Fuzzy Hash: D8918CF3F212154BF3584D29CCA83627683DB95310F2E823C9B569B7C9D97EAD095384

Function 00BC04C6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction ID: e11ce8e52081299a0608885839fd56386bbe8cc10c615d5587459c33cd4e11b8
Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
Instruction Fuzzy Hash: 93B17232618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715

Function 00C0B28E Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def1bd420cb9d559aed6cacd572a38f4cec377a693e08693f23bd5b28d57d899
Instruction ID: ba0189d19e8cd3e1e749f39fc03a7dbbd912d4db94e707d8e37b00d92bcd9747
Opcode Fuzzy Hash: def1bd420cb9d559aed6cacd572a38f4cec377a693e08693f23bd5b28d57d899
Instruction Fuzzy Hash: E8919DB3F116254BF3584928CC693A53682DBD5711F2F823C8E89AB3C5DD7E5C0A5384

Function 00CFB13B Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24bb136db703698b8e0c12debef501a0d6a3b8bc1278d0a0c2d270414591dceb
Instruction ID: 30444158401d2d3b11d1a826a05957c6ea113cf9a97365462e6c26b1de3a8005
Opcode Fuzzy Hash: 24bb136db703698b8e0c12debef501a0d6a3b8bc1278d0a0c2d270414591dceb
Instruction Fuzzy Hash: 9A9159F3F2162547F3444964CC983A26643D7E5324F2F82388F5D6BBC6D8BE9D0A5284

Function 00C213E1 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5bc0c35d8f905cbadbc7f35e80663a8d1a3c82cbd699face5adaa6f913888f3
Instruction ID: 01ac971b1030ecf3952f1efee79ca53834b325cda0276cf1d7238b39c77b1fce
Opcode Fuzzy Hash: a5bc0c35d8f905cbadbc7f35e80663a8d1a3c82cbd699face5adaa6f913888f3
Instruction Fuzzy Hash: C191EFB3F1162047F3544928DCA83616683DBE5324F3F82798EA96B7C6DCBE5D0A5384

Function 00CDD4C6 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b7d002a598760844e3ddadc7cf158d3b62a0bdb2fa26567040f3e68a959fba9
Instruction ID: 04016abfef8d011af7b3c050f9cf546dae58c8bf333638fbd38c0282be5f6f77
Opcode Fuzzy Hash: 2b7d002a598760844e3ddadc7cf158d3b62a0bdb2fa26567040f3e68a959fba9
Instruction Fuzzy Hash: EE91F1B3F1122547F3544928CC983A17282DB96320F2F82798E5CAB7C5DD7E9D0953C4

Function 00C673FC Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 200d1913cead6487b327d5a2c737898aafb80751986a8ff6c0df666a464c643e
Instruction ID: 39e7735978e827b758c91fb289762ef6ec7ec4afa1524867b2c859a93ea5f497
Opcode Fuzzy Hash: 200d1913cead6487b327d5a2c737898aafb80751986a8ff6c0df666a464c643e
Instruction Fuzzy Hash: D991ACB3F5122547F3584878CD693A16682DB91324F2F82788F8DAB7C5DC7EAD095384

Function 00C400B6 Relevance: .3, Instructions: 255COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86563b528afae2b2d4e39db71f6ac263db7f5c8375a0a52388b68bb6cc574a54
Instruction ID: 539e0f0e681006ee57627db18aa873318258eeccb27d318f8ba6013f2cb76381
Opcode Fuzzy Hash: 86563b528afae2b2d4e39db71f6ac263db7f5c8375a0a52388b68bb6cc574a54
Instruction Fuzzy Hash: 1B919CF3F6162147F3540978CC983616583DBA5325F2F83388FA8AB7D5D8BE9D095284

Function 00C140AC Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 517112da4ca03bec74d50a2782515fe104f4638b8441efe4f20d742a7ee51a46
Instruction ID: be2a02f5f82a32b1fa44fed69b6cdaecc85c3365d150be6f6e42535342bcda60
Opcode Fuzzy Hash: 517112da4ca03bec74d50a2782515fe104f4638b8441efe4f20d742a7ee51a46
Instruction Fuzzy Hash: 82919DB7F112204BF3544928CCA83A27693EBD5314F2F82788E896B7C9E97E5D495384

Function 00C1030B Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34999f9557c21d28f44091fb9259af0efc7c2eaad19fb073a210886bd3a632af
Instruction ID: 52621b4689e073c986d8acb67ea424e0bd39a95b6c2d37b9fe2fc0a960fcbf4c
Opcode Fuzzy Hash: 34999f9557c21d28f44091fb9259af0efc7c2eaad19fb073a210886bd3a632af
Instruction Fuzzy Hash: 2E916CB3F1122547F3544969CC983A26243D7D5324F2F82389E9CAB7C5E8BEAD4A5384

Function 00CA24A0 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a94c26ebfcc5affc4493c75f10dc0e303f898fc65c239cfab85a9228ec19bc8
Instruction ID: 01ddc87ec6ff9b744bcb7bdde71dea5b4652c3e4d44c2cf8616725b878766376
Opcode Fuzzy Hash: 5a94c26ebfcc5affc4493c75f10dc0e303f898fc65c239cfab85a9228ec19bc8
Instruction Fuzzy Hash: 66818AF3F112254BF3540964CCA83A2A683E7D5324F2F82388E5D6B7C5D97E5D0A52C4

Function 00C7D2FB Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5579ae549463219cf20165f2f976b1504118477c9fce1a5ec71527aa98596b76
Instruction ID: 510c73fd563586d1ba983568b46699c9e6783994ea670383583593f40aef96fa
Opcode Fuzzy Hash: 5579ae549463219cf20165f2f976b1504118477c9fce1a5ec71527aa98596b76
Instruction Fuzzy Hash: 8D8178B3E102254BF3604D28DC983926693AB95324F2F82788E8C7B7C5D97F5D4A83C4

Function 00BE0460 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2ea4823a78712581ebbce35e17ddcf4d9fe590cdbe444aa74d2f97e12c864a28
Instruction ID: 6a6ceac5af18f78b8e8195c52416cfc95a9c08ff188cadcba82ba1d399e41590
Opcode Fuzzy Hash: 2ea4823a78712581ebbce35e17ddcf4d9fe590cdbe444aa74d2f97e12c864a28
Instruction Fuzzy Hash: 216155356183818FDB14AF19C890A3EB7E2EFD5320F19856CE9858B391EB70DC91D782

Function 00C50266 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 638042971adb73a873b31434d447d80e3c0857b931042ba248e7c1005571dc7e
Instruction ID: 571030cfc63d5b9f376d4d25d15906a5a45e2381d97c7e89adc01b59a7d8ade4
Opcode Fuzzy Hash: 638042971adb73a873b31434d447d80e3c0857b931042ba248e7c1005571dc7e
Instruction Fuzzy Hash: 49816EB7F5162147F3444929DC983A22683E7D5324F2F82388F48AB7C5D97EAD4A5388

Function 00CBE1DF Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c42b299517d3d7cbd5c774fe7fa4a60554312f01f16650ce14733f77089c4a1
Instruction ID: 141f4dc34a784a0090802e09fa0a76b9b57c81a2d02a3537b5276bbb9f9fe960
Opcode Fuzzy Hash: 4c42b299517d3d7cbd5c774fe7fa4a60554312f01f16650ce14733f77089c4a1
Instruction Fuzzy Hash: FA818BF3F516264BF3544839CC693A166839BE1324F2F83388E59ABBC5DC7E5D0A1284

Function 00C1A2A4 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b7a8f044d6300217c3654ff26bb0c98ba5fc0abf57fd7b28d190a29f4e330f
Instruction ID: 284c57ff0d276a2bbe61eef3d0f9729791b49ad7b76bd8bd1c83bc5b49a8423e
Opcode Fuzzy Hash: 48b7a8f044d6300217c3654ff26bb0c98ba5fc0abf57fd7b28d190a29f4e330f
Instruction Fuzzy Hash: 2581CCB3F516244BF3144D68CCA83A17683EB95320F2F427C8E996B7C5D97E6E0A5384

Function 00CFF4C2 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28c7ef711c5c3a8f38edadc3e6fe60ccb56d2555755199227def89225e063d3
Instruction ID: be82f1a504c88527f14b5ef4789d3931eedfbf148ba55634addd7abd7590bbed
Opcode Fuzzy Hash: e28c7ef711c5c3a8f38edadc3e6fe60ccb56d2555755199227def89225e063d3
Instruction Fuzzy Hash: E7819CF3F2162547F3444D29CC983627683EBD5324F2F82788E98AB7C5D97EAD095284

Function 00C02412 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37be526b8d77e516c58be0a029ac27d1681da62b4b634ee21c2b30bbb5a0a17d
Instruction ID: 2763873c06f32a737e5cddaa09be0bcdd6933ea84e974e2ef94b65a2b594885a
Opcode Fuzzy Hash: 37be526b8d77e516c58be0a029ac27d1681da62b4b634ee21c2b30bbb5a0a17d
Instruction Fuzzy Hash: 37816CB3F112254BF3544929CC983A27683DBD5314F2F81788F486BBC9D97EAD0A5388

Function 00C79107 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fe0753e875a568b020b18c274a24d1229551f3cca82f8802c4aff38affeb7e
Instruction ID: 84d3efe66b3359b0216ad0ba0cd4b8f2b4660100f8b120217ada5c7eb578df39
Opcode Fuzzy Hash: 67fe0753e875a568b020b18c274a24d1229551f3cca82f8802c4aff38affeb7e
Instruction Fuzzy Hash: 7D8189B3F116204BF3444E29CC943917693EBD5320F2F82788A885B7CAED7E6D4A5784

Function 00CAB32C Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00ee4e7853eb4a0f292d5dcb4c8b993dad04ef99d995389f7dbfd6300abf3467
Instruction ID: 2848b8fe33f8a505a283d9132f8d17f40be293f4c0f6ebdfad01210f462b0400
Opcode Fuzzy Hash: 00ee4e7853eb4a0f292d5dcb4c8b993dad04ef99d995389f7dbfd6300abf3467
Instruction Fuzzy Hash: 8E8169B3F1122547F3544968CC943A272939BE5325F2F82788E8C6B3C5E97E6D4A53C4

Function 00CFE301 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdc09bdb1057307307d2d86a431e97da4cb0608e7e5ac8810a82a60b3d7cda41
Instruction ID: 7496b7e3b8aa0964a8641f6989bee032dcd1daa43d3afccfee8dcca6a4a2fbb8
Opcode Fuzzy Hash: fdc09bdb1057307307d2d86a431e97da4cb0608e7e5ac8810a82a60b3d7cda41
Instruction Fuzzy Hash: 19817CB7F112254BF3544938CC883617A43DBD5310F2F82788E985B7D9D97E6E4A5384

Function 00CBF173 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6429407872e2ef9fd28505a76eddbf8a3903ebadb1d770f5d9d8df1aa0cd847
Instruction ID: 0f57076a220a973f686ebc44c03ca5c084f5ca2ed4ca5134cbe7ad0058055032
Opcode Fuzzy Hash: b6429407872e2ef9fd28505a76eddbf8a3903ebadb1d770f5d9d8df1aa0cd847
Instruction Fuzzy Hash: DC818CB7E502254BF3544979CD583A17693DB90320F2F42388E8CAB7C5E9BEAD4A53C4

Function 00CE8166 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78b827815fa3f3815b1a362c140c6f3477dd808837abb0b7de117f2052636b82
Instruction ID: a814037adbdc2d65a235dd7f81f076fa983b00e626479efc2ffcce9309ec51a1
Opcode Fuzzy Hash: 78b827815fa3f3815b1a362c140c6f3477dd808837abb0b7de117f2052636b82
Instruction Fuzzy Hash: 598179F3F1122047F3584929CC683666683DBD6324F2F82798E9D6BBC5D87E5D0A5384

Function 00CD529F Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b912ac5426c19d56de193cdd24d01f0a8649368cde1700c6b548ee02aa2496d6
Instruction ID: 3e4dc693af355e366c813c4d601a3267bcf1eb09d74b2de8aaf863c5cf8292de
Opcode Fuzzy Hash: b912ac5426c19d56de193cdd24d01f0a8649368cde1700c6b548ee02aa2496d6
Instruction Fuzzy Hash: C1816AB3F112204BF3544D25CCA8362B282A795324F2F42788F5C6B3C5DD7E6D0A82C8

Function 00CBA269 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79202874249ccd69f3508132063b0be9b04b64cd19bbbaf915fd756cbe9110f0
Instruction ID: 9599acaebacd5ab9b5ca3d6bdcbe771c7e329689574a5b6ee9205bd81cc366ff
Opcode Fuzzy Hash: 79202874249ccd69f3508132063b0be9b04b64cd19bbbaf915fd756cbe9110f0
Instruction Fuzzy Hash: E7815BF3F616254BF3444934CD583A12643EBE5324F2F82388F98677C9D9BE9A4A5384

Function 00C0D228 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2775cf53c57d73a7da9257fe633e7ecb7cf22a7e1a0af4ace4984a67e6ff0686
Instruction ID: 86f6bfc7c0432f4c097fce738ca6dbdcc2799a1e41e53f26e0c6fb4fc92efbf3
Opcode Fuzzy Hash: 2775cf53c57d73a7da9257fe633e7ecb7cf22a7e1a0af4ace4984a67e6ff0686
Instruction Fuzzy Hash: 957119B3F112254BF3544879CDA83626943DBD5324F2F82788E9CABBC9E87E5D0952C4

Function 00CE0295 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9e6962afcc3857e5a2dd855aa6e2747907811bbc88e072d9c6204ba475c6533
Instruction ID: d989f5655ea18675b02ecee7c9960f0c406f755d137e36147269fbc698ca7689
Opcode Fuzzy Hash: e9e6962afcc3857e5a2dd855aa6e2747907811bbc88e072d9c6204ba475c6533
Instruction Fuzzy Hash: 8D7159B3F2122547F3544D38CC983A2A683AB95320F2F82788E586B7C5D97E6E0953C4

Function 00C3A435 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c118ca6555dc0fec9855a865857d7991c649f0008649dc8340e593290ee096c2
Instruction ID: 3b13ed9d7b3cf8ecc5e748534f788e7e7e636adeda8c25c9565f69bd9fabba10
Opcode Fuzzy Hash: c118ca6555dc0fec9855a865857d7991c649f0008649dc8340e593290ee096c2
Instruction Fuzzy Hash: E7817DB3F102254BF3544D68CCA83A27692DB96314F2F82788F886B7D9D97E6D0953C4

Function 00CCE03D Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1ae2b0dc7214bedfaae7c4c55db53e4254a8f08488ff08712a43de65242e56
Instruction ID: dc4c92b62e63005c78a512b32b348cff81231608a1b151425e3f0a0d29c33dbe
Opcode Fuzzy Hash: 2f1ae2b0dc7214bedfaae7c4c55db53e4254a8f08488ff08712a43de65242e56
Instruction Fuzzy Hash: 73719EB3E1122547F3944929CC993A27683EBD1324F2F82788E9C6B7C5ED7E9D065384

Function 00CA41AE Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbbb4dfad4083661db1dc037d59fec4381d918dbc65e36286e81ffc5531ebe32
Instruction ID: 39eab8f043b092133eda7ea290beda179e8c055543b9e3197263ddb5fe6710a4
Opcode Fuzzy Hash: fbbb4dfad4083661db1dc037d59fec4381d918dbc65e36286e81ffc5531ebe32
Instruction Fuzzy Hash: 9F7138B3F112258BF3540E28CC843917653EBD5324F2F82788E986B7C5DA7E6D495784

Function 00C624B4 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e6dbf79a271272ff9b2299e50001f00447746ad7f50014a026d4465fe89a34
Instruction ID: 00518eee12d7ddab5e2b077989412f3e5016168d3f6da3baafcc441e23e3e7ef
Opcode Fuzzy Hash: 98e6dbf79a271272ff9b2299e50001f00447746ad7f50014a026d4465fe89a34
Instruction Fuzzy Hash: EF716CB3F112254BF3504E69DC983A1B292EB95310F2F82788E9C6B7C5D97E6D0953C4

Function 00CB02E6 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a706ba696cb4c564d6feb780e8065536d3fb225460ee438019d32c9b04b4c311
Instruction ID: c029921eaca5f061124596a937c3c16692875a3a4767651e085536e2664266ff
Opcode Fuzzy Hash: a706ba696cb4c564d6feb780e8065536d3fb225460ee438019d32c9b04b4c311
Instruction Fuzzy Hash: DD71C0B3F112154BF3544E29CCA83A27253EBD6310F2F41788A885B7C5DE7EAD4A9384

Function 00C1B2F1 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c4331512ad1ac9a7469aa6b1995004b245f5a065f4c0f1e727a6451265985a
Instruction ID: 7a1c3c10e93c1c683df38b0c41f461e50aa8850b453138af4126daf3e4d60e78
Opcode Fuzzy Hash: b6c4331512ad1ac9a7469aa6b1995004b245f5a065f4c0f1e727a6451265985a
Instruction Fuzzy Hash: D371C1B3F112244BF3504E28CC943A1B392EB96324F2F42789E986B7D5D97EAD4953C4

Function 00C25295 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112d45c9a7ae39f7c322995793151e1e1f4e0b5f7ec2d488ba9497de6aa9ab6c
Instruction ID: 320809824ee2bc73e8f8bd17b477c28c5375ae714a591ea2848190ff4a9986c4
Opcode Fuzzy Hash: 112d45c9a7ae39f7c322995793151e1e1f4e0b5f7ec2d488ba9497de6aa9ab6c
Instruction Fuzzy Hash: 55719EB3F102244BF3144D28CC983A27693DB95320F2F8278CE98AB7D5D97EAD495384

Function 00C1609E Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a099c95739ec3d5d36f8b410a5231dbd02549ab0b0cada4c67efe3e47f891e90
Instruction ID: e9d1c6642a635fd64e11082520122dde412834ca702b7702a676eec2be7955f0
Opcode Fuzzy Hash: a099c95739ec3d5d36f8b410a5231dbd02549ab0b0cada4c67efe3e47f891e90
Instruction Fuzzy Hash: DD719CB7F1122147F3444E29CCA83A17293EBD5314F2F81398E895B7C9D97E6D0A9384

Function 00CB92E8 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b15801b633c2580f84d6355a21aa2e486cd1abba5da8eacd6b40a5b56d6fdff8
Instruction ID: 5b06111c1ba7a78df8559ef65862a626ba27374be9f2b7ba951f0266235d1389
Opcode Fuzzy Hash: b15801b633c2580f84d6355a21aa2e486cd1abba5da8eacd6b40a5b56d6fdff8
Instruction Fuzzy Hash: 61716BB3E1023587F7544E68CCA83627292EB95320F2F42798E9D6B7C5D97E2D0993C4

Function 00C9F1B9 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ed2f6ede3661b164900cdf0acf446da8fcaee2a76768f8c034686f935040fd
Instruction ID: e269b5e5cd48882d842ebeddbc053b0ba49944df21777adc628f4317e3f5dcb8
Opcode Fuzzy Hash: 80ed2f6ede3661b164900cdf0acf446da8fcaee2a76768f8c034686f935040fd
Instruction Fuzzy Hash: A0716CF3F102248BF7584E28CC693617292EB96320F2F42789F9D6B3D5D97E5D099284

Function 00D022C8 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8b3fec1ecfd9091987345d6bd49a9639d1616026d489021aaac8d8e11bf607
Instruction ID: 976735c7e96a02427224d266a4e11a91c04f6052f245fcbff12aee76f3aa3580
Opcode Fuzzy Hash: 8c8b3fec1ecfd9091987345d6bd49a9639d1616026d489021aaac8d8e11bf607
Instruction Fuzzy Hash: F6719AF3F2152547F3484928CC693B16642EBA1324F2F423D8F5EA77C5E97E9D0A5288

Function 00C633CE Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e29c79c83ea665fb0f52eb472cf9992de3fea19fe213ae0897055788f4a57651
Instruction ID: 03333e86282760effb615a2a888adf4a43e08f0818e981d7d7f79c509d904590
Opcode Fuzzy Hash: e29c79c83ea665fb0f52eb472cf9992de3fea19fe213ae0897055788f4a57651
Instruction Fuzzy Hash: 7A716DB3F2122547F7544D39CCA83617682AB95320F2F823C8E996B7C5DD7E6E0A5384

Function 00CA0310 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1618121292d080703a82ee24eec501781d4f51972cc243203fe9e65b878bce70
Instruction ID: 76f9d95e4a9d4d39376450329679c3cd84838cef4c5b02d498eb5832349ceff8
Opcode Fuzzy Hash: 1618121292d080703a82ee24eec501781d4f51972cc243203fe9e65b878bce70
Instruction Fuzzy Hash: D7718BB3F112254BF3504979CC583A2A6839BD5324F3F82388E5CABBD6E97E5D064384

Function 00CFA4D8 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aefd1d00c58a8d19cc060b4f10e1f9b866ad03868257ba21850c75679dfe0c5
Instruction ID: fb70d18ba08f08d4ea57fcc1509c7b581a8214844938466446f7d86e4f70ee2e
Opcode Fuzzy Hash: 3aefd1d00c58a8d19cc060b4f10e1f9b866ad03868257ba21850c75679dfe0c5
Instruction Fuzzy Hash: 5771BEF7F102254BF7540D39CC983A17692DB96310F1F82788E48AB7C9D9BE6D0A9385

Function 00C4B1D3 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60dcc49cef6155777f03b699740cb863def708bd3d57a583a6933d60cba3e99c
Instruction ID: db1a2d639b1348ad2bb3f4839b8a7175bf567a44edc0aca0b9a34417eb0c59f0
Opcode Fuzzy Hash: 60dcc49cef6155777f03b699740cb863def708bd3d57a583a6933d60cba3e99c
Instruction Fuzzy Hash: DB717DB3F112254BF3444A68CC983B17692EB95320F2F41788F89AB7C5D97E6E0A53C4

Function 00C15131 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431d0845ac2de0c6fb0b714d64a41f6ea2f2c21c10e5d567f5bb1cd9084bd2f8
Instruction ID: b47224d724d7eb6463e4f516a850d53ab00188238f381f291d51664019558431
Opcode Fuzzy Hash: 431d0845ac2de0c6fb0b714d64a41f6ea2f2c21c10e5d567f5bb1cd9084bd2f8
Instruction Fuzzy Hash: AD61AFB3F111248BF3544E29CC543A17683DBD9320F2F82788A999B7D8ED7E6D495384

Function 00C48145 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec5300dfd72854762b3c00e80d4e919fa1e074f9b37b07424e48ff29efdd2e1b
Instruction ID: 3aa13daa85a2b6564558c29061e34fc9cce38f887fab06a1a1564044f4481454
Opcode Fuzzy Hash: ec5300dfd72854762b3c00e80d4e919fa1e074f9b37b07424e48ff29efdd2e1b
Instruction Fuzzy Hash: 5F61A1F3F5122447F3404D29DC983A26283DBE6310F2F82788E58AB7C9D87E9D4A5384

Function 00C42421 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae183dd3730024e531c67eb00ce4452138b6dde7dc87406d9fd0e9cab2ca9a56
Instruction ID: 07770dcd4ee4485acb6783117eecb9afe49189618449633d643df2dabae9bb18
Opcode Fuzzy Hash: ae183dd3730024e531c67eb00ce4452138b6dde7dc87406d9fd0e9cab2ca9a56
Instruction Fuzzy Hash: 94617AB3F1122547F3544D68CD98362B692EB91320F2F82788E8D6BBC5D97E6D0953C0

Function 00CA91D5 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56ccc881ace81e890becba320a3011ff54b51ba53c15f918eab312822aba064b
Instruction ID: e6836fea67d847ceaaca7a1dfa7bc7cda88487fba763b683bc0b934f95c89ab0
Opcode Fuzzy Hash: 56ccc881ace81e890becba320a3011ff54b51ba53c15f918eab312822aba064b
Instruction Fuzzy Hash: 1A617AB3F106254BF3448D29CC983A27293EBA5310F2F82788E8DAB7D5D97E5D495384

Function 00CE2311 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea46a33c163c68d4b0834a62913b3269f9cf0bca24205d4f2a363b2a4262d4b7
Instruction ID: 81b3448b2fea856cf25040455bb09d5b67863c51156b0a4558f67f0619fe2122
Opcode Fuzzy Hash: ea46a33c163c68d4b0834a62913b3269f9cf0bca24205d4f2a363b2a4262d4b7
Instruction Fuzzy Hash: E461BFB3F112254BF3404939CC553A27283EBD5320F2F82788A98AB7D5ED7E9D495384

Function 00C9E312 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3795416464722cc3fde25dc441307ee0d2ff1960c4db0278437a569f9286b62
Instruction ID: 662d78e7d72d4114208709dfa15c59c4786414b91e3b479add0810e302896586
Opcode Fuzzy Hash: c3795416464722cc3fde25dc441307ee0d2ff1960c4db0278437a569f9286b62
Instruction Fuzzy Hash: 5E6168B7F112248BF3448D78CD583627683AB95324F2F82788E9D6B7C5D97E6C0A5384

Function 00CCF36A Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28eb9f6203d09cae1e3ce40871cdf54128b9995822b53c3cbb155bf825aa699
Instruction ID: 00d8335d8cc57f2e38a21f80f397381ee8ad3f8da102224ee624e9eb987625f6
Opcode Fuzzy Hash: d28eb9f6203d09cae1e3ce40871cdf54128b9995822b53c3cbb155bf825aa699
Instruction Fuzzy Hash: 26619BB7F512258BF3544D64DC983A272439BD5320F2F82388E8C6B7C5E97E6D4A5384

Function 00CEF112 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbdb17df54e56d6c87e5946b2076c7fa5b238be4c7bbacc77c8b5b067e42757
Instruction ID: 2cc1c77da94fbfd888ffa9b8bf082fed3d44ac07431994655d42cc0526fbda40
Opcode Fuzzy Hash: 6cbdb17df54e56d6c87e5946b2076c7fa5b238be4c7bbacc77c8b5b067e42757
Instruction Fuzzy Hash: ED617DB3F112258BF3544E24CC943617292EB95324F2F82788E9C6B7C5E97E6D4A5384

Function 00C4412E Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85cfee6a7a4da9ff4d0f60c341b47559120a5076fd4c6c91935dc656b81fca3d
Instruction ID: 05814121755bbdf47fd80aa9d6d0f66433dafde495984fc3ec6d68a6f64aa1fd
Opcode Fuzzy Hash: 85cfee6a7a4da9ff4d0f60c341b47559120a5076fd4c6c91935dc656b81fca3d
Instruction Fuzzy Hash: 73616CB3F216254BF3944D29CC58362B293EBE5310F2B82788A9C677C6DD7E6D095284

Function 00CC4360 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f1bcca7eb5c725659e14d61b41b83a5e8886d67d260ae38020c81769bf29d0
Instruction ID: 96d4a33e10a21b950ad21c49afcee063fd966e72747781d81f8e5a1bd00e0f40
Opcode Fuzzy Hash: 47f1bcca7eb5c725659e14d61b41b83a5e8886d67d260ae38020c81769bf29d0
Instruction Fuzzy Hash: B9515AB3F1122547F3544E29CCA43A1B793DB86724F2F82789E986B3C0D97EAD459384

Function 00C4F1A9 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee57082ca6a9bd471d80d885be5ae40cd879be3abecc60aa7fc29a0b23c54df4
Instruction ID: 9ad2fa819b46227e69b389f2c6b8c281afb1646529ff429b02fc570206b614d1
Opcode Fuzzy Hash: ee57082ca6a9bd471d80d885be5ae40cd879be3abecc60aa7fc29a0b23c54df4
Instruction Fuzzy Hash: 8E617FB7F111258BF3504E29CC943617393EBD6314F2F82788A985B3C9D97EAD469384

Function 00CE12CE Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b650b16bf3dbd01927957d080ecf0accdfd85186ffe43a99540129c8fc092a30
Instruction ID: bf4ea9ea7e6a74f115b587eb4e16e36e03ba7c4db80a0393ac27dd710c882b3f
Opcode Fuzzy Hash: b650b16bf3dbd01927957d080ecf0accdfd85186ffe43a99540129c8fc092a30
Instruction Fuzzy Hash: 75517CB7F1123547F3544D78CD983626682EB95320F2F83788E68AB7CAD8BE5D0952C0

Function 00C491D7 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1441c8eba1250797cacc04ae6ca4f31f76dccfccb6a4a9c291436715689196
Instruction ID: d8f78e56992568588227f7fbbc689d23356695ffa7b0ac597fed834b9a8eee9b
Opcode Fuzzy Hash: 8b1441c8eba1250797cacc04ae6ca4f31f76dccfccb6a4a9c291436715689196
Instruction Fuzzy Hash: 2A519FB3F1112447F3148E29CC643A17683DBD5325F3F82789E986B7C8D97E6D0A5284

Function 00C613C1 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31b58ac22131c6b3cc770b0632f7e0231c2d8828d77759ff720096c8720e317
Instruction ID: fcf6ff023d09f485cc6da429dc7211e5196b003eceedaff936ab3df2bf866ddd
Opcode Fuzzy Hash: b31b58ac22131c6b3cc770b0632f7e0231c2d8828d77759ff720096c8720e317
Instruction Fuzzy Hash: 7C51ADB3F1022547F3584969CCA43A266839BD5320F2F82788E9D9B7C5ED7E6C4A5384

Function 00CDA42A Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d38497cfde449a57ea1a270f9da732944f3c8da6509c007f87ddbdef513236
Instruction ID: cd9704a0e04ee342bcd75fcfc38d1e3348175cb6ab1167c020b66da66e1eeff9
Opcode Fuzzy Hash: c1d38497cfde449a57ea1a270f9da732944f3c8da6509c007f87ddbdef513236
Instruction Fuzzy Hash: C6512AB3F2122547F3584D28CC6836275839B91325F2F827C8E5DAB7C5D9BE9D0A5388

Function 00BCF377 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fdd3f24126f25dfe437cb56510455b7697fd5cb4b8bb3f7fb5ebc12e05394ef
Instruction ID: 3ec55af2d732003031ef7916fa02b22a8fcca3177ded66b506ecced1786b2553
Opcode Fuzzy Hash: 4fdd3f24126f25dfe437cb56510455b7697fd5cb4b8bb3f7fb5ebc12e05394ef
Instruction Fuzzy Hash: A6610B72744B418FC728CE3CC8957E6BBD29B95314F198A7CD4BBCB385EA79A4058700

Function 00BDF18B Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc24c1faa43d9682cf66d200c58701aed260d825e5fdaf9c4875ad19ef43e2a
Instruction ID: d31faa1e45a17d98aa3854958262e8d034c1e2b03201b7a865f07b0fb7d9d0be
Opcode Fuzzy Hash: 0bc24c1faa43d9682cf66d200c58701aed260d825e5fdaf9c4875ad19ef43e2a
Instruction Fuzzy Hash: 7A41D53270C7524BD719CE2988D127BFBD29BDA310F1E887ED487C7356E524E90A8781

Function 00C911BB Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d923d04388ff406edc85362050b54bc49631cce327c6edb8880ad76b63d09c
Instruction ID: 3b366027d94454341e1aa1b3e8a9497b1e05ee008edbeeb374fd7271bf5d27ce
Opcode Fuzzy Hash: 21d923d04388ff406edc85362050b54bc49631cce327c6edb8880ad76b63d09c
Instruction Fuzzy Hash: A3517CB3F111258BF3584D29CC683617292EB91320F2F827C8E9A6B7D4D97E6D4953C4

Function 00C5A3F4 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70fc433a4cf74a75bc63d8af7e234c0e6b0adb0b28aac1c35eb740ae7ba8a02b
Instruction ID: e6348348fa1a1d2a67922d347d56620d9af730e68496e7af7ce77cd3e6ee4c2d
Opcode Fuzzy Hash: 70fc433a4cf74a75bc63d8af7e234c0e6b0adb0b28aac1c35eb740ae7ba8a02b
Instruction Fuzzy Hash: 0751CFF7F1162587F3400E25DC943A17292EBA6324F2F42B88E886B3C5D97E6D459384

Function 00C9B283 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6015b43d34aece54bd519bbeb042612597e35fbe7ffe7d3119b4b22d27258709
Instruction ID: b6468ce2a8504697975aeca7e1a4051a889101e6b5f20cb050e56cf532143727
Opcode Fuzzy Hash: 6015b43d34aece54bd519bbeb042612597e35fbe7ffe7d3119b4b22d27258709
Instruction Fuzzy Hash: 1951C0B7F616254BF3504D78CDD83A176829BA5314F2F42788E8CAB7C1D8BFAC095284

Function 00D55053 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5dcf288432ea05e808081298bd45536ceffbacea5022e75e8634291f38272d5
Instruction ID: b701da3b1f2ccdaedde463f34a79eb57109fb34bde4d52aabd559a4165381d87
Opcode Fuzzy Hash: d5dcf288432ea05e808081298bd45536ceffbacea5022e75e8634291f38272d5
Instruction Fuzzy Hash: DC4169F3F182105BF7109E29DC843AAB796DBD4310F2FC13C9E9497788E93E99014292

Function 00C8848C Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df475d73dd6e62fd9c6615408cb3500e6aa982fe20b7f8e4ed6b7cc87c398bbd
Instruction ID: a7ebab7a2380bd4348a5ca54cb594f1e054e5f1a0848873b952880a6aee48f5d
Opcode Fuzzy Hash: df475d73dd6e62fd9c6615408cb3500e6aa982fe20b7f8e4ed6b7cc87c398bbd
Instruction Fuzzy Hash: DC516CA7F106254BF3544D68CC28371B6829BD6320F2F027D8E8D6B3D1D97E6D095284

Function 00C0510C Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eefba69721602706ab6bcfb5fb97748755737769743c2c5c4ed620a978e94552
Instruction ID: 0aa108a07aa9e8055ab5ae1982e8479370cc921ce2a74c45fc3d456e00773906
Opcode Fuzzy Hash: eefba69721602706ab6bcfb5fb97748755737769743c2c5c4ed620a978e94552
Instruction Fuzzy Hash: A75199B7F112254BF3444939CC583617283DBD2310F2F82798E896B7C5DD7D6C0AA280

Function 00C3E18B Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c55de4553f330d4e4ad2493861512c92fe0672604ae7697479515758686b6009
Instruction ID: 88b7216b1488b6125111fb8881be969afb11e98268f8bcea1a2853272d03083a
Opcode Fuzzy Hash: c55de4553f330d4e4ad2493861512c92fe0672604ae7697479515758686b6009
Instruction Fuzzy Hash: 4C415AE7F2162107F348082ACDA93659583D7E1325F2F823D8F8DA77C9D8BD9D0A1284

Function 00BD2070 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458edd604afd8b3766009b1eeed54c14787bf18e63760cd6018a69cc3abd1335
Instruction ID: 15e3af1e59f967c6b96f749d2398574fc3111ceda7833075e3255c7a3ef1bb75
Opcode Fuzzy Hash: 458edd604afd8b3766009b1eeed54c14787bf18e63760cd6018a69cc3abd1335
Instruction Fuzzy Hash: 4F816DB654ABC48BD374DF16E99869BBBE0EB89304F10899DC48C4B350CFB15448CF96

Function 00C30258 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d4ac35998af90213e17772d03ea1d742b3822df42aad53f84f40c0c32f4efa9
Instruction ID: 5e4f8e0beeb94fabe4f7ecf2161d03091926ac4c9c056fed30d81e31c7b5b985
Opcode Fuzzy Hash: 9d4ac35998af90213e17772d03ea1d742b3822df42aad53f84f40c0c32f4efa9
Instruction Fuzzy Hash: 963156B3F1112047F3984839CD6836266839BD1324F2F82798B9D6BBC5DDBE5D0A4384

Function 00C4A300 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3673d530b3a3096a844689fa30499f62cf7e24d73405b754d62e68ce115c7517
Instruction ID: fa0482a1e97a10e20844045ecedee0be1dcc2589df27841b39b2b33e1f71759a
Opcode Fuzzy Hash: 3673d530b3a3096a844689fa30499f62cf7e24d73405b754d62e68ce115c7517
Instruction Fuzzy Hash: 3D314DB3F1063547F3584878CDA93A6648287D5324F2F42398F6EAB7D6D8BE5D0612C4

Function 00C53389 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81b49c7e32d6f6e088c7b777cc7afce1571ed430634a9220f526f43db86c7dc
Instruction ID: 2b1423979d7305e0e656a83dc7d32c7556fc4c3a6dc4f2ca55aa1b4986d96ab5
Opcode Fuzzy Hash: e81b49c7e32d6f6e088c7b777cc7afce1571ed430634a9220f526f43db86c7dc
Instruction Fuzzy Hash: C3318EB3F152210BF3504E78CD98361AA92EBC2710F2F42798F88AB7C5D97E5D085384

Function 00C51334 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7ac42bbfa771c90de8cc5883bada377d3cb02eba16d57f53b40dfeaec3bbfcf
Instruction ID: d077aaceddde00af139d0ab199b43635432d9a34e66c662360229358ae547396
Opcode Fuzzy Hash: a7ac42bbfa771c90de8cc5883bada377d3cb02eba16d57f53b40dfeaec3bbfcf
Instruction Fuzzy Hash: E7316BF7F516150BF3880869DD993A21483D7E5328E2F82398B5D977C6ECBD580A1248

Function 00D002DB Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2c5655de0066ff9b244235a6f0e1bebce84d3b44654a27cef665a453b34aeac
Instruction ID: b6a179baf37f99f7f33ea9a5a5527ce2ad5d762acd463492f0cb3b70d5a6020c
Opcode Fuzzy Hash: e2c5655de0066ff9b244235a6f0e1bebce84d3b44654a27cef665a453b34aeac
Instruction Fuzzy Hash: 843129B3F616314BF3544839CC54351668397D5335F2F82788E68ABBDAD87E6C0A52C4

Function 00CF037A Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 930600b3f6283f95c6649e4e69a08a0d0b3336d291d48bf677ab41b1f1a69a72
Instruction ID: 8fdf7c21a7192663b4ce1b4110951bc4e67981829b6f799936e7ff39a7594b8a
Opcode Fuzzy Hash: 930600b3f6283f95c6649e4e69a08a0d0b3336d291d48bf677ab41b1f1a69a72
Instruction Fuzzy Hash: 3131AEF7E5172147F35048B9ED9436254829BA1324F2F83388F6C6BBC5E8BE4D0612C4

Function 00C4D1C5 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f4af3b6d75e4bae1ea36f9401208dc5997693a2771c288d09feac7bf566e88
Instruction ID: 0bacac039edd5666098e07e4d0b28b702fa38f2fc186969ffea658227484b51d
Opcode Fuzzy Hash: 22f4af3b6d75e4bae1ea36f9401208dc5997693a2771c288d09feac7bf566e88
Instruction Fuzzy Hash: A4313DF3F515214BF3584865CC29362958297D1324F2F82798F5EABBC5D8BE5D4502C4

Function 00C2B0DC Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78af7e7a0b56349d848b9375b45abe021c77aa50736e22c8ac995e8aa92e7265
Instruction ID: 8bd9e9c627f71bed6c9cdab8d7509ce1754c4945cf14c3d605cfdb883ee1b4ff
Opcode Fuzzy Hash: 78af7e7a0b56349d848b9375b45abe021c77aa50736e22c8ac995e8aa92e7265
Instruction Fuzzy Hash: 173103F3F506254BF3584469DDA8362548297E5320F2F82798F2D6B7C6ECBE5C0612C4

Function 00CEA1E7 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4acb221f36e7781f1ca9bfce41664af93ef33ac88238a2beb55fe2987fcff68d
Instruction ID: 4594096cfd00c2297f9946c724407f83c71bfa342a8e05bc05f559bfdc0253cb
Opcode Fuzzy Hash: 4acb221f36e7781f1ca9bfce41664af93ef33ac88238a2beb55fe2987fcff68d
Instruction Fuzzy Hash: F931CCF3F1162547F3544839DD993A264839BE1328F2F82788B5CABBC6DC7D9C0A1284

Function 00CCA061 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0292b30af0e8588e1dea4a25c4d59d3d526158c45b438097b62f671ef1d1f0a0
Instruction ID: 802db6e27fdd8b1d6a33d1f9c674ce3c9d3e870ed653184ce276d42901b5fd40
Opcode Fuzzy Hash: 0292b30af0e8588e1dea4a25c4d59d3d526158c45b438097b62f671ef1d1f0a0
Instruction Fuzzy Hash: D6313DB3F506114BF3544879CDA93A6258397D4320F3F82399F5D9BBC5D8BE9D060284

Function 00CA615D Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7485a209ebbce9a6cf448ea2f73f07ee9c8d799c6492584fe9dc854c746c4e
Instruction ID: 19d76b702ee9327f84cf55c2cf599da670bc0921b86c6a81ff46f7a7dd55c80f
Opcode Fuzzy Hash: 0f7485a209ebbce9a6cf448ea2f73f07ee9c8d799c6492584fe9dc854c746c4e
Instruction Fuzzy Hash: 753134B7F6152607F3944878DD183A2154397D6314F2F82388E98ABBC9DCBE9C0A53C0

Function 00C1B4D0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46de773372e45897c1b3c490714107ef616293951644b2954481250f5659ad81
Instruction ID: 93b6e500d9ab3ff1f17796318c226784d4b5d53aa3ffb13c31944dc4c3338935
Opcode Fuzzy Hash: 46de773372e45897c1b3c490714107ef616293951644b2954481250f5659ad81
Instruction Fuzzy Hash: 2A217CF3E5163143F3544878CD953A6A5429B91324F2F83384E6D77BC9E87E9D0912C4

Function 00CD23C0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a9ecaf5582596b8653856d49789f82a6c45ffc3fa7e693dc8747759790f8a6b
Instruction ID: c7fc710c504c306e61efca9ccde75977c5a820bb797181a6e8b075ca4d95476d
Opcode Fuzzy Hash: 0a9ecaf5582596b8653856d49789f82a6c45ffc3fa7e693dc8747759790f8a6b
Instruction Fuzzy Hash: 5A3138F7E1163247F3884874DD98362A68297A5314F2F82388F4C6BBC5D87E4D0A52C8

Function 00D072F3 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16f6269adca3798aafbc6c7bfcb0e7cc50b3c58ba221b68babe354bd9dc38e9a
Instruction ID: f4382a7d8fea07119216e14007f3b602bef6e5feeebce5915effa826bd83b0d2
Opcode Fuzzy Hash: 16f6269adca3798aafbc6c7bfcb0e7cc50b3c58ba221b68babe354bd9dc38e9a
Instruction Fuzzy Hash: B12107A3F5161147F3585838C9793662583D394324F2A837D8FAB6B7CADC7E5D064284

Function 00CC209E Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642d63b79cc6717f78cd30b1b567c6d0234f33e8bb1b17f139de5449f4e7aa04
Instruction ID: dad1844ce916dc8224e278696773310b9e0bcac4309bf5a271f5ea569185649c
Opcode Fuzzy Hash: 642d63b79cc6717f78cd30b1b567c6d0234f33e8bb1b17f139de5449f4e7aa04
Instruction Fuzzy Hash: 93218EB3F5022647F3984878CEA93765582DB91320F2B833D5F6E6B6C5DC6D5D0912C4

Function 00C951B3 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cff69dbdbb1fca32f7be60fe0f81fd158bc20fdcf5f80890f850c52389eb455f
Instruction ID: 90b8f7ce0b8fc66b4cf15144672e49827de0a7513a1b97a497c82136fde68af4
Opcode Fuzzy Hash: cff69dbdbb1fca32f7be60fe0f81fd158bc20fdcf5f80890f850c52389eb455f
Instruction Fuzzy Hash: 7E219FB3F101254BF3608939CC643722283DBC5324F2F42789A489B7C5E97EAC0653C0

Function 00C0A0F9 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b2d5dffba62b484152a286904e7cd15a1d32a6ead3f3406018849a0b4c444e3
Instruction ID: a64c9b040dc00da902d3f30263ec6189bfee24a23e4d33ed7d42b554b7436d1a
Opcode Fuzzy Hash: 8b2d5dffba62b484152a286904e7cd15a1d32a6ead3f3406018849a0b4c444e3
Instruction Fuzzy Hash: 5C216AB3F206344BF35848B8CD693A26542D795320F2F42398F896B7C6D8BE5D0963C4

Function 00BD6210 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: df542ce6a1d9358a535f0e6041fd6082cc83816b461e10490aa1c8cecf97185e
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 1011E533A491D40ED3168D3C8440565FFE34AE3734B2983DAF4B89B3D2E6228D8A9364

Function 00BBC300 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction ID: 8bdcf9293ba5e20461f324312a62a10445b3b30c2e531d95ea2f303db13bbf73
Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
Instruction Fuzzy Hash: 9AF03C60104B918BD7328F3985647B3BFE09B23228F545A8CC5E357AD2D3B6E10A8798

Function 00BCE0DA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction ID: a321dc4df6cef6c3ebb00afe6cd6bc999ce5b0701867cd53cb82ff25e5e9babe
Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
Instruction Fuzzy Hash: 0EF065104087E28ADB234B3E4461BB2AFE0DB63120B181BD9C8F1EB2C7C315D596D3A6

Function 00BCD116 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2183030576.0000000000BA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00BA0000, based on PE: true

Associated: 00000000.00000002.2183012976.0000000000BA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183030576.0000000000BE5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183074299.0000000000BF3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000BF5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000D7A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E58000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E7E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183087989.0000000000E94000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183315817.0000000000E95000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183409358.000000000102C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2183422811.000000000102D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ba0000_SQHE4Hsjo6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b28bec034c177f62cb809df6cd41f35f67d378b20fd43bb211bc22b6964afe6
Instruction ID: c548965ee321c4152c05a288cda34c9ab7a280ed28acc4724fd14e5d448d70d3
Opcode Fuzzy Hash: 9b28bec034c177f62cb809df6cd41f35f67d378b20fd43bb211bc22b6964afe6
Instruction Fuzzy Hash: A001F9746442829FD304CF38CDE0666FBE1EB86364B08CB9CC4598B796CA34D442C795

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SQHE4Hsjo6.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
SQHE4Hsjo6.exe

Function 00BAB100 Relevance: 19.2, Strings: 15, Instructions: 425
COMMON

Function 00BA8600 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356
COMMON

Function 00BDE110 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 00BE1720 Relevance: 1.4, Strings: 1, Instructions: 158
COMMON

Function 00BA9D1E Relevance: 3.1, APIs: 2, Instructions: 142
libraryCOMMON

Function 00BDE0A0 Relevance: 1.5, APIs: 1, Instructions: 31
memoryCOMMON

Function 00BA9EB7 Relevance: 1.5, APIs: 1, Instructions: 18
networkCOMMON

Function 00BDC570 Relevance: 1.5, APIs: 1, Instructions: 15
memoryCOMMON

Function 00BDC55C Relevance: 1.5, APIs: 1, Instructions: 5
memoryCOMMON