Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1532980
MD5:	624aa9f7c297655526b0c57976065fd9
SHA1:	7a0be2e902647eebafc4b857146677ebd81012ef
SHA256:	e8653f720910be487637fe70d1bd58299a2f207d7140a00db5a6d51e4c65c00f
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 60 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 624AA9F7C297655526B0C57976065FD9)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["clearancek.site", "licendfilteo.site", "studennotediw.store", "dissapoiznw.store", "bathdoomgaz.store", "spirittunek.store", "mobbipenju.store", "eaglepawnoy.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:07.046002+0200	2054653	1	A Network Trojan was detected	192.168.2.7	49700	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:07.046002+0200	2049836	1	A Network Trojan was detected	192.168.2.7	49700	172.67.206.204	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.696501+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.7	60913	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.639749+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.7	64984	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.675004+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.7	62013	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.664311+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.7	62360	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.717611+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.7	58557	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.652562+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.7	50666	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.707069+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.7	49152	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:03.685968+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.7	57330	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-14T08:57:06.075782+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	49699	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.60.6.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "licendfilteo.site", "studennotediw.store", "dissapoiznw.store", "bathdoomgaz.store", "spirittunek.store", "mobbipenju.store", "eaglepawnoy.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 43%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: clearancek.site
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: licendfilteo.site
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: spirittunek.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: bathdoomgaz.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: studennotediw.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: dissapoiznw.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: eaglepawnoy.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: mobbipenju.store
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: clearancek.site
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: - Screen Resoluton:
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: Workgroup: -
Source: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49700 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_001CD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_001CD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	6_2_002063B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_00205700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	6_2_0020695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	6_2_002099D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	6_2_001CFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	6_2_001D0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	6_2_001FF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	6_2_001D6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	6_2_00204040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	6_2_00206094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	6_2_001ED1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	6_2_001E2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	6_2_001E2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	6_2_001D42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	6_2_001CA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	6_2_001DB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	6_2_001EE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	6_2_001DD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	6_2_00201440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	6_2_001EC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	6_2_002064B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	6_2_00207520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	6_2_001E9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	6_2_001D6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	6_2_001C8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	6_2_001FB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	6_2_001EE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	6_2_00207710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	6_2_001ED7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	6_2_002067EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	6_2_001E28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	6_2_00203920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	6_2_001DD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	6_2_001C49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	6_2_001D1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	6_2_001C5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	6_2_00204A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	6_2_001D1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	6_2_00209B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	6_2_001DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	6_2_001DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	6_2_001F0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	6_2_001D1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	6_2_001D3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	6_2_001E7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	6_2_001FFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	6_2_001EEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	6_2_001EAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	6_2_001EAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_00209CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	6_2_00209CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	6_2_001ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_001ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	6_2_001ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	6_2_001EFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	6_2_001EDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_00208D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	6_2_001D4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	6_2_001EAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_001E5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	6_2_001E7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	6_2_001D1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	6_2_001D6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	6_2_001CBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	6_2_001C6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_001FFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	6_2_001E9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	6_2_001D6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	6_2_001DFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	6_2_001C8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	6_2_00207FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	6_2_00207FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	6_2_00205FD6

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.7:49152 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.7:57330 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.7:60913 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.7:62013 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.7:64984 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.7:50666 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.7:62360 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.7:58557 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49699 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store

Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View	IP Address: 172.67.206.204 172.67.206.204

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: d.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: d.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=c6136d87d8655a4d6f91e01c; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 14 Oct 2024 06:57:05 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampoweK;
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agree
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akam
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstati#
Source: file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.c
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com-
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/Ap:
Source: file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apilG
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apim
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apin
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/nb
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.c
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geon
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322684818.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.k;
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.r
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.ste
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/B
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stat
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_r
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322684818.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access
Source: file.exe, 00000006.00000003.1322493749.0000000000B24000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.7:49700 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D0228	6_2_001D0228
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001FF620	6_2_001FF620
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A	6_2_0037C02A
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D2030	6_2_001D2030
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00204040	6_2_00204040
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0020A0D0	6_2_0020A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C5160	6_2_001C5160
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CE1A0	6_2_001CE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C71F0	6_2_001C71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00368297	6_2_00368297
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001F82D0	6_2_001F82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001F12D0	6_2_001F12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_003812EE	6_2_003812EE
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CA300	6_2_001CA300
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CB3A0	6_2_001CB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001F23E0	6_2_001F23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00400444	6_2_00400444
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037A430	6_2_0037A430
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0038647F	6_2_0038647F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001EC470	6_2_001EC470
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D049B	6_2_001D049B
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D4487	6_2_001D4487
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_003904F2	6_2_003904F2
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001F64F0	6_2_001F64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C8590	6_2_001C8590
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C35B0	6_2_001C35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001DC5F0	6_2_001DC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00208652	6_2_00208652
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_002086F0	6_2_002086F0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0029B6D9	6_2_0029B6D9
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CA850	6_2_001CA850
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00384865	6_2_00384865
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001F1860	6_2_001F1860
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00392846	6_2_00392846
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001FE8A0	6_2_001FE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001FB8C0	6_2_001FB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0038995F	6_2_0038995F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_002089A0	6_2_002089A0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001E098B	6_2_001E098B
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_003789D6	6_2_003789D6
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00204A40	6_2_00204A40
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0038EA5B	6_2_0038EA5B
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00207AB0	6_2_00207AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00208A80	6_2_00208A80
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_002F2A9F	6_2_002F2A9F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00417B09	6_2_00417B09
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001DDB6F	6_2_001DDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037DBA6	6_2_0037DBA6
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C7BF0	6_2_001C7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00208C02	6_2_00208C02
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00206CBF	6_2_00206CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001ECCD0	6_2_001ECCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001EFD10	6_2_001EFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001EDD29	6_2_001EDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001E8D62	6_2_001E8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00332DAE	6_2_00332DAE
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00382D90	6_2_00382D90
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00387DF7	6_2_00387DF7
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D4E2A	6_2_001D4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001EAE57	6_2_001EAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00208E70	6_2_00208E70
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001D6EBF	6_2_001D6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CBEB0	6_2_001CBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001CAF10	6_2_001CAF10
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0038CF87	6_2_0038CF87
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_001C8FD0	6_2_001C8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_00207FC0	6_2_00207FC0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 001CCAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 001DD300 appears 152 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995552289603961

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 6_2_001F8220 CoCreateInstance,

6_2_001F8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

Virustotal: Detection: 43%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2935296 > 1048576

Source: file.exe

Static PE information: Raw size of nkeasgxt is bigger than: 0x100000 < 0x2a3400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 6.2.file.exe.1c0000.0.unpack :EW;.rsrc :W;.idata :W;nkeasgxt:EW;bmonghax:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;nkeasgxt:EW;bmonghax:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2d1cb6 should be: 0x2d0d4c

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: nkeasgxt
Source: file.exe	Static PE information: section name: bmonghax
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0043E048 push ecx; mov dword ptr [esp], esi	6_2_0043E340
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 429636D8h; mov dword ptr [esp], edx	6_2_0037C036
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 2285F402h; mov dword ptr [esp], edx	6_2_0037C0E2
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push edi; mov dword ptr [esp], 04798995h	6_2_0037C159
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ecx; mov dword ptr [esp], ebp	6_2_0037C22E
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ebp; mov dword ptr [esp], 767E691Ch	6_2_0037C2E5
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push esi; mov dword ptr [esp], edi	6_2_0037C30E
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push esi; mov dword ptr [esp], 7FDA8F8Eh	6_2_0037C32B
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push esi; mov dword ptr [esp], edx	6_2_0037C386
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 63C0539Bh; mov dword ptr [esp], ebp	6_2_0037C390
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ebx; mov dword ptr [esp], 1FD195C1h	6_2_0037C40F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 0E3C0326h; mov dword ptr [esp], edi	6_2_0037C439
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push esi; mov dword ptr [esp], edx	6_2_0037C4B7
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 1AB2F862h; mov dword ptr [esp], edi	6_2_0037C4BF
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 513EA592h; mov dword ptr [esp], ebx	6_2_0037C4E4
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 0916CAF8h; mov dword ptr [esp], ebp	6_2_0037C4EC
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 6AEAD060h; mov dword ptr [esp], edx	6_2_0037C4FC
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 59B05780h; mov dword ptr [esp], ebp	6_2_0037C5F4
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ecx; mov dword ptr [esp], 7BD3814Fh	6_2_0037C6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 2B0CCEC6h; mov dword ptr [esp], ebx	6_2_0037C6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 3322D8F1h; mov dword ptr [esp], esp	6_2_0037C70F
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 09BA748Fh; mov dword ptr [esp], esi	6_2_0037C771
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push edx; mov dword ptr [esp], eax	6_2_0037C777
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 086EE9F2h; mov dword ptr [esp], eax	6_2_0037C820
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ecx; mov dword ptr [esp], edx	6_2_0037C881
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ebx; mov dword ptr [esp], eax	6_2_0037C885
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ebp; mov dword ptr [esp], esp	6_2_0037C8DF
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push 3747E8A4h; mov dword ptr [esp], edi	6_2_0037C912
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ecx; mov dword ptr [esp], esi	6_2_0037C963
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push ecx; mov dword ptr [esp], esi	6_2_0037C992
Source: C:\Users\user\Desktop\file.exe	Code function: 6_2_0037C02A push edx; mov dword ptr [esp], 00000000h	6_2_0037CAEF

Source: file.exe

Static PE information: section name: entropy: 7.976576879741522

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2243E7 second address: 2243ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 2243ED second address: 2243F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 223BF8 second address: 223BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 223BFD second address: 223C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3962A1 second address: 3962BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40913h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 396860 second address: 39686C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB12CE98466h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39686C second address: 3968A0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB12CC4091Dh 0x00000008 push edx 0x00000009 jmp 00007FB12CC40912h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A1B5 second address: 39A1B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A1B9 second address: 39A1E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a stc 0x0000000b push 00000000h 0x0000000d add dword ptr [ebp+122D2BB4h], edx 0x00000013 xor ecx, dword ptr [ebp+122D28BAh] 0x00000019 push 6F5B7DD5h 0x0000001e jng 00007FB12CC40912h 0x00000024 jl 00007FB12CC4090Ch 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A1E5 second address: 39A229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 xor dword ptr [esp], 6F5B7D55h 0x0000000b pushad 0x0000000c xor eax, dword ptr [ebp+122D37E8h] 0x00000012 mov eax, 461A02BEh 0x00000017 popad 0x00000018 push 00000003h 0x0000001a mov esi, dword ptr [ebp+122D3948h] 0x00000020 push 00000000h 0x00000022 jmp 00007FB12CE98471h 0x00000027 push 00000003h 0x00000029 xor dword ptr [ebp+124454F1h], ecx 0x0000002f push 4C6D3C37h 0x00000034 pushad 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A229 second address: 39A269 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ebx 0x0000000b popad 0x0000000c add dword ptr [esp], 7392C3C9h 0x00000013 push edx 0x00000014 jng 00007FB12CC4090Ch 0x0000001a mov dword ptr [ebp+122D3122h], eax 0x00000020 pop edx 0x00000021 lea ebx, dword ptr [ebp+1244A0C2h] 0x00000027 mov edx, ebx 0x00000029 movzx ecx, bx 0x0000002c xchg eax, ebx 0x0000002d push edx 0x0000002e pushad 0x0000002f jbe 00007FB12CC40906h 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 pop edx 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push ebx 0x0000003d pushad 0x0000003e popad 0x0000003f pop ebx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A269 second address: 39A26E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A2D7 second address: 39A2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A2DB second address: 39A2E5 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB12CE98466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A2E5 second address: 39A2EA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A382 second address: 39A3AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 xor dword ptr [esp], 2F58F6AEh 0x0000000e mov edi, dword ptr [ebp+122D2874h] 0x00000014 lea ebx, dword ptr [ebp+1244A0CBh] 0x0000001a mov esi, 1B4DD900h 0x0000001f mov dl, AEh 0x00000021 xchg eax, ebx 0x00000022 jg 00007FB12CE98470h 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A40B second address: 39A428 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40919h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A428 second address: 39A437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 39A437 second address: 39A43B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BAA77 second address: 3BAA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3828C8 second address: 3828D2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB12CC40912h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8A7D second address: 3B8A96 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FB12CE98478h 0x0000000e pushad 0x0000000f js 00007FB12CE98466h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8BC1 second address: 3B8BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8BC6 second address: 3B8BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 pop edi 0x00000007 jc 00007FB12CE98466h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8BD5 second address: 3B8BDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8BDE second address: 3B8BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8BE4 second address: 3B8BE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8D33 second address: 3B8D4C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007FB12CE98466h 0x00000009 jng 00007FB12CE98466h 0x0000000f pop edi 0x00000010 pushad 0x00000011 jno 00007FB12CE98466h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B8D4C second address: 3B8D89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jg 00007FB12CC40919h 0x0000000e jmp 00007FB12CC40919h 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B919A second address: 3B919E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B9458 second address: 3B9462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B9605 second address: 3B9632 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FB12CE9846Dh 0x0000000a popad 0x0000000b push esi 0x0000000c jmp 00007FB12CE98477h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3B9911 second address: 3B9917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA4B8 second address: 3BA4C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BA4C0 second address: 3BA4CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007FB12CC40906h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3BBF10 second address: 3BBF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 385E21 second address: 385E35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC4090Ch 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C183E second address: 3C1842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C1842 second address: 3C1848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C19B4 second address: 3C19DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB12CE98472h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jo 00007FB12CE98466h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C19DB second address: 3C1A1C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB12CC40913h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f jmp 00007FB12CC4090Ah 0x00000014 pop edi 0x00000015 mov eax, dword ptr [eax] 0x00000017 push eax 0x00000018 pushad 0x00000019 push eax 0x0000001a pop eax 0x0000001b jp 00007FB12CC40906h 0x00000021 popad 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 pushad 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b pop edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 379F4C second address: 379F50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 379F50 second address: 379F6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB12CC40911h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 379F6D second address: 379F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 379F71 second address: 379F75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 379F75 second address: 379F85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FB12CE9846Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C716A second address: 3C7179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007FB12CC40906h 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6727 second address: 3C6731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FB12CE98466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6731 second address: 3C674A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6A3A second address: 3C6A3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6E80 second address: 3C6E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 js 00007FB12CC40910h 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6FE5 second address: 3C6FFA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jl 00007FB12CE98466h 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C6FFA second address: 3C7000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C7000 second address: 3C7005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C7005 second address: 3C700F instructions: 0x00000000 rdtsc 0x00000002 js 00007FB12CC4091Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9733 second address: 3C9744 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007FB12CE98466h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C97E6 second address: 3C97EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C97EF second address: 3C97F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C97F3 second address: 3C983A instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB12CC40906h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007FB12CC40914h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007FB12CC40911h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FB12CC4090Eh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9B87 second address: 3C9B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9B8B second address: 3C9B8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9E5D second address: 3C9E61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA04C second address: 3CA05F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC4090Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA05F second address: 3CA069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FB12CE98466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA580 second address: 3CA5A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40916h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FB12CC4090Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA61F second address: 3CA688 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98473h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jc 00007FB12CE98466h 0x00000010 jmp 00007FB12CE98479h 0x00000015 popad 0x00000016 popad 0x00000017 xchg eax, ebx 0x00000018 call 00007FB12CE98470h 0x0000001d add edi, dword ptr [ebp+122D37B8h] 0x00000023 pop esi 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a jmp 00007FB12CE98471h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA9EA second address: 3CA9FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40911h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CA9FF second address: 3CAA17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FB12CE9846Bh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CAAC9 second address: 3CAADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40911h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CABB7 second address: 3CABD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB12CE98472h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CB16A second address: 3CB1CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007FB12CC40906h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FB12CC40908h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 push ecx 0x0000002a pop edi 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007FB12CC40908h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000018h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 mov dword ptr [ebp+1244982Ch], ecx 0x0000004d xchg eax, ebx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CB1CA second address: 3CB1D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB12CE98466h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CB1D5 second address: 3CB1DA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CBB50 second address: 3CBB81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB12CE9846Eh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f movzx esi, si 0x00000012 push 00000000h 0x00000014 add di, EC57h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c mov dword ptr [ebp+122D1C63h], edi 0x00000022 pop edi 0x00000023 xchg eax, ebx 0x00000024 push edi 0x00000025 push edi 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CBB81 second address: 3CBB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push ebx 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CCC8B second address: 3CCCE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007FB12CE98466h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007FB12CE98468h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b add di, E1A8h 0x00000030 mov dword ptr [ebp+122D2F1Ah], edi 0x00000036 push 00000000h 0x00000038 pushad 0x00000039 pushad 0x0000003a jng 00007FB12CE98466h 0x00000040 push eax 0x00000041 pop ecx 0x00000042 popad 0x00000043 xor edi, dword ptr [ebp+122D37CCh] 0x00000049 popad 0x0000004a push 00000000h 0x0000004c sbb edi, 232CD336h 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push ecx 0x00000056 push edi 0x00000057 pop edi 0x00000058 pop ecx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CCCE8 second address: 3CCD13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007FB12CC40906h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB12CC40915h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CD80F second address: 3CD822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CD523 second address: 3CD527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CD527 second address: 3CD54D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB12CE98466h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FB12CE98474h 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CED9F second address: 3CEDC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FB12CC40910h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FB12CC4090Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CEB11 second address: 3CEB15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF5FC second address: 3CF605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CEB15 second address: 3CEB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF82C second address: 3CF852 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FB12CC4090Fh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jl 00007FB12CC40906h 0x00000015 jnl 00007FB12CC40906h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF605 second address: 3CF609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF852 second address: 3CF8DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FB12CC40916h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c call 00007FB12CC4090Bh 0x00000011 adc edi, 771E2805h 0x00000017 pop esi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FB12CC40908h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov edi, ebx 0x00000036 mov esi, ebx 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push ebp 0x0000003d call 00007FB12CC40908h 0x00000042 pop ebp 0x00000043 mov dword ptr [esp+04h], ebp 0x00000047 add dword ptr [esp+04h], 00000015h 0x0000004f inc ebp 0x00000050 push ebp 0x00000051 ret 0x00000052 pop ebp 0x00000053 ret 0x00000054 jnc 00007FB12CC40906h 0x0000005a and si, 2A0Ah 0x0000005f push eax 0x00000060 jbe 00007FB12CC4091Dh 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF609 second address: 3CF60D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CF8DE second address: 3CF8E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D1704 second address: 3D170B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D1D41 second address: 3D1D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D2D50 second address: 3D2D6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98478h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D2D6C second address: 3D2D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D2D71 second address: 3D2DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007FB12CE98479h 0x00000010 nop 0x00000011 sub di, E413h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007FB12CE98468h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FB12CE98468h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e xchg eax, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 pushad 0x00000053 popad 0x00000054 jl 00007FB12CE98466h 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D2DE9 second address: 3D2E17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC4090Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB12CC40919h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D2E17 second address: 3D2E1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D4D07 second address: 3D4D0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D4D0B second address: 3D4D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop esi 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D4D1A second address: 3D4D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D4D20 second address: 3D4D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 38CA26 second address: 38CA46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC4090Eh 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 pushad 0x00000013 push edi 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D5288 second address: 3D528D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D528D second address: 3D529F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnc 00007FB12CC40910h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D529F second address: 3D532D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007FB12CE98468h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 pushad 0x00000022 jo 00007FB12CE98477h 0x00000028 jmp 00007FB12CE98471h 0x0000002d sub dword ptr [ebp+122D1EFDh], edi 0x00000033 popad 0x00000034 push ebx 0x00000035 ja 00007FB12CE98468h 0x0000003b pop ebx 0x0000003c push 00000000h 0x0000003e mov dword ptr [ebp+122D286Fh], esi 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push edx 0x00000049 call 00007FB12CE98468h 0x0000004e pop edx 0x0000004f mov dword ptr [esp+04h], edx 0x00000053 add dword ptr [esp+04h], 00000019h 0x0000005b inc edx 0x0000005c push edx 0x0000005d ret 0x0000005e pop edx 0x0000005f ret 0x00000060 sbb di, 5784h 0x00000065 xchg eax, esi 0x00000066 push eax 0x00000067 push edx 0x00000068 jnl 00007FB12CE98468h 0x0000006e push edi 0x0000006f pop edi 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D532D second address: 3D5349 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40912h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D6511 second address: 3D6530 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98470h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jl 00007FB12CE98474h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D6530 second address: 3D6534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D74B3 second address: 3D74B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D84B3 second address: 3D84B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D857C second address: 3D858F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D858F second address: 3D8593 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3D94F9 second address: 3D958F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 add dword ptr [ebp+122D2EFAh], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FB12CE98468h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 mov di, si 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FB12CE98468h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 jo 00007FB12CE9846Ch 0x0000005a mov ebx, dword ptr [ebp+122D372Ch] 0x00000060 mov eax, dword ptr [ebp+122D06E5h] 0x00000066 mov ebx, dword ptr [ebp+122D33E6h] 0x0000006c push FFFFFFFFh 0x0000006e or dword ptr [ebp+124498C0h], edx 0x00000074 push eax 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007FB12CE98471h 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3DD820 second address: 3DD8CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40919h 0x00000009 popad 0x0000000a jmp 00007FB12CC40917h 0x0000000f popad 0x00000010 push eax 0x00000011 jp 00007FB12CC4090Eh 0x00000017 nop 0x00000018 push ebx 0x00000019 mov edi, dword ptr [ebp+122D3A4Ch] 0x0000001f pop ebx 0x00000020 push 00000000h 0x00000022 mov edi, 2FB14097h 0x00000027 jmp 00007FB12CC40912h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007FB12CC40908h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 mov edi, edx 0x0000004a sub dword ptr [ebp+122D2F62h], edi 0x00000050 xchg eax, esi 0x00000051 jmp 00007FB12CC40913h 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3DD8CA second address: 3DD8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E078B second address: 3E078F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E078F second address: 3E0793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E0793 second address: 3E07A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FB12CC40908h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E084E second address: 3E0852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E0852 second address: 3E085F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3DDA60 second address: 3DDB04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FB12CE98474h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007FB12CE98468h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D37E4h] 0x00000030 xor dword ptr [ebp+122D2CB3h], edi 0x00000036 push dword ptr fs:[00000000h] 0x0000003d push 00000000h 0x0000003f push ebx 0x00000040 call 00007FB12CE98468h 0x00000045 pop ebx 0x00000046 mov dword ptr [esp+04h], ebx 0x0000004a add dword ptr [esp+04h], 0000001Dh 0x00000052 inc ebx 0x00000053 push ebx 0x00000054 ret 0x00000055 pop ebx 0x00000056 ret 0x00000057 adc edi, 6BB5DB2Bh 0x0000005d adc bh, FFFFFF9Ch 0x00000060 mov dword ptr fs:[00000000h], esp 0x00000067 mov dword ptr [ebp+122D2595h], ebx 0x0000006d mov eax, dword ptr [ebp+122D001Dh] 0x00000073 sub dword ptr [ebp+122D214Ah], ebx 0x00000079 push FFFFFFFFh 0x0000007b mov bx, si 0x0000007e nop 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 push eax 0x00000084 push edx 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E085F second address: 3E086C instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB12CC40906h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3DDB04 second address: 3DDB08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3DDB08 second address: 3DDB12 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB12CC40906h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E09A8 second address: 3E09AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E09AF second address: 3E0A56 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB12CC4090Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+122D247Ch], ecx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 and di, A4C3h 0x0000001d jmp 00007FB12CC40911h 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 jng 00007FB12CC4090Ch 0x0000002f jmp 00007FB12CC40910h 0x00000034 mov eax, dword ptr [ebp+122D1069h] 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FB12CC40908h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 sub dword ptr [ebp+122D1EEFh], ebx 0x0000005a mov bx, 2DBFh 0x0000005e push FFFFFFFFh 0x00000060 mov ebx, 07756AFAh 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 jmp 00007FB12CC40911h 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E2783 second address: 3E2788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E367E second address: 3E3683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3E3683 second address: 3E368A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EBA08 second address: 3EBA24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40918h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB29C second address: 3EB2A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB2A1 second address: 3EB2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jg 00007FB12CC40906h 0x00000013 jp 00007FB12CC40906h 0x00000019 jmp 00007FB12CC4090Fh 0x0000001e popad 0x0000001f jmp 00007FB12CC4090Fh 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB2DF second address: 3EB2E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB44E second address: 3EB458 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB12CC4090Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB458 second address: 3EB460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB460 second address: 3EB464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3EB5BA second address: 3EB5C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F7C68 second address: 3F7C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F7C6D second address: 3F7C73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F7C73 second address: 3F7C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 380DA1 second address: 380DCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98475h 0x00000009 pop edx 0x0000000a pushad 0x0000000b ja 00007FB12CE98466h 0x00000011 ja 00007FB12CE98466h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 380DCA second address: 380DD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F6A4B second address: 3F6A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F6A53 second address: 3F6A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F6A5D second address: 3F6A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnp 00007FB12CE9846Eh 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F73AB second address: 3F73B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F73B1 second address: 3F73E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98479h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB12CE9846Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F73E1 second address: 3F73E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F73E5 second address: 3F73F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jno 00007FB12CE98466h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F753B second address: 3F753F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F753F second address: 3F7586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98473h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FB12CE98475h 0x00000011 jmp 00007FB12CE98471h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F7586 second address: 3F758A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3F79BF second address: 3F79C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEB03 second address: 3FEB0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB12CC40906h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEB0D second address: 3FEB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEC72 second address: 3FEC8F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB12CC40911h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEC8F second address: 3FEC95 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEC95 second address: 3FEC9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FEC9D second address: 3FECA7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB12CE98466h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF34F second address: 3FF390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jnl 00007FB12CC40906h 0x0000000d jmp 00007FB12CC4090Bh 0x00000012 jne 00007FB12CC40906h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pop edi 0x0000001c jl 00007FB12CC4092Bh 0x00000022 jmp 00007FB12CC40913h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF390 second address: 3FF396 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF7E5 second address: 3FF7EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF7EA second address: 3FF7F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF946 second address: 3FF94B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF94B second address: 3FF968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB12CE98470h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3FF968 second address: 3FF96C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3ADF8E second address: 3ADF93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 406792 second address: 406798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 406798 second address: 4067A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnc 00007FB12CE98466h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4067A8 second address: 4067BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FB12CC40906h 0x0000000d jns 00007FB12CC40906h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 405498 second address: 4054A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4054A0 second address: 4054A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40562F second address: 405651 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE9846Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB12CE98470h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4057BB second address: 4057CB instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB12CC40906h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4057CB second address: 4057D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 405F3A second address: 405F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FB12CC40916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 405F55 second address: 405F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98474h 0x00000007 jl 00007FB12CE9846Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 406219 second address: 40622E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 jnp 00007FB12CC4091Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f jg 00007FB12CC40906h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4064B1 second address: 4064B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4064B5 second address: 4064B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4064B9 second address: 4064BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40ABBA second address: 40ABD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB12CC40916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8122 second address: 3C8128 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8128 second address: 3C812D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C820D second address: 3C821B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C86EA second address: 3C86FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007FB12CC40906h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8783 second address: 3C8787 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8787 second address: 3C87FA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jmp 00007FB12CC40918h 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007FB12CC4090Fh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jmp 00007FB12CC4090Ah 0x00000020 pop eax 0x00000021 push 00000000h 0x00000023 push edi 0x00000024 call 00007FB12CC40908h 0x00000029 pop edi 0x0000002a mov dword ptr [esp+04h], edi 0x0000002e add dword ptr [esp+04h], 00000018h 0x00000036 inc edi 0x00000037 push edi 0x00000038 ret 0x00000039 pop edi 0x0000003a ret 0x0000003b mov dword ptr [ebp+122D1E31h], edi 0x00000041 push 03D6DD3Bh 0x00000046 push edi 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C87FA second address: 3C87FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C890F second address: 3C8913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8AF2 second address: 3C8AF7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C93E9 second address: 3C9432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007FB12CC40912h 0x0000000c lea eax, dword ptr [ebp+12477ECCh] 0x00000012 push 00000000h 0x00000014 push edx 0x00000015 call 00007FB12CC40908h 0x0000001a pop edx 0x0000001b mov dword ptr [esp+04h], edx 0x0000001f add dword ptr [esp+04h], 00000015h 0x00000027 inc edx 0x00000028 push edx 0x00000029 ret 0x0000002a pop edx 0x0000002b ret 0x0000002c mov edx, dword ptr [ebp+122D2BE8h] 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9432 second address: 3C9438 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9438 second address: 3C9447 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9447 second address: 3C944B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C944B second address: 3C9451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C9451 second address: 3C945B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB12CE9846Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C945B second address: 3ADF8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 sbb di, 1695h 0x0000000c call dword ptr [ebp+122D225Ah] 0x00000012 jg 00007FB12CC4091Ah 0x00000018 push esi 0x00000019 pushad 0x0000001a popad 0x0000001b pop esi 0x0000001c pushad 0x0000001d jmp 00007FB12CC4090Ch 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 jl 00007FB12CC4090Ch 0x0000002d jmp 00007FB12CC40913h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D10 second address: 409D25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB12CE98466h 0x0000000a js 00007FB12CE98466h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D25 second address: 409D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D2B second address: 409D31 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D31 second address: 409D66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FB12CC4090Bh 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB12CC40918h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D66 second address: 409D6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409D6C second address: 409D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409EBC second address: 409ECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jng 00007FB12CE9847Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 409ECB second address: 409ED5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FB12CC40906h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 40A72F second address: 40A746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98473h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 413B82 second address: 413B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 413B86 second address: 413BDD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB12CE9846Eh 0x0000000c jmp 00007FB12CE98473h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jmp 00007FB12CE98475h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FB12CE9846Ah 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 jbe 00007FB12CE98466h 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 413ED8 second address: 413EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417F4E second address: 417F6A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB12CE9846Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FB12CE98466h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417F6A second address: 417F7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB12CC4090Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417F7F second address: 417F92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417621 second address: 417627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417627 second address: 417645 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98473h 0x00000009 je 00007FB12CE98466h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417913 second address: 417917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 417917 second address: 41792E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98473h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41792E second address: 41793C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FB12CC40906h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41793C second address: 417963 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FB12CE98471h 0x0000000c jmp 00007FB12CE9846Ah 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41CE8C second address: 41CE98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007FB12CC40906h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41CE98 second address: 41CE9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41CE9E second address: 41CEA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D176 second address: 41D19E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE98475h 0x00000007 jmp 00007FB12CE9846Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D19E second address: 41D1C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40919h 0x00000007 jc 00007FB12CC40912h 0x0000000d jnp 00007FB12CC40906h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 385E1A second address: 385E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D5B5 second address: 41D5B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D5B9 second address: 41D5BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D5BE second address: 41D5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FB12CC40906h 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D5D2 second address: 41D5E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e jnp 00007FB12CE9846Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8DC4 second address: 3C8DC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8DC9 second address: 3C8E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c and edx, dword ptr [ebp+122D3A70h] 0x00000012 mov ebx, dword ptr [ebp+12477F0Bh] 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FB12CE98468h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 mov dh, E7h 0x00000034 add eax, ebx 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007FB12CE98468h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 jmp 00007FB12CE9846Ch 0x00000055 mov dword ptr [ebp+122D2846h], ebx 0x0000005b nop 0x0000005c push eax 0x0000005d push edx 0x0000005e push ecx 0x0000005f jno 00007FB12CE98466h 0x00000065 pop ecx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3C8E44 second address: 3C8E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41D740 second address: 41D755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CE9846Fh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E231 second address: 41E23E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FB12CC40906h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E23E second address: 41E244 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E244 second address: 41E24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E24A second address: 41E272 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB12CE98480h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FB12CE98478h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41E272 second address: 41E276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 41FB68 second address: 41FB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423B0A second address: 423B10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 422EDD second address: 422EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42302F second address: 423057 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB12CC40906h 0x00000008 jo 00007FB12CC40906h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop esi 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB12CC40912h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423057 second address: 42305B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42305B second address: 423064 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423064 second address: 42306A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42320F second address: 423216 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423216 second address: 423221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423221 second address: 423225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423363 second address: 423367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 423367 second address: 42336B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42336B second address: 4233A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98473h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007FB12CE98475h 0x00000011 pop ecx 0x00000012 pushad 0x00000013 jng 00007FB12CE98466h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42353C second address: 423546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4295E7 second address: 4295EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4295EB second address: 429604 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FB12CC40913h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 429604 second address: 429616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 429616 second address: 42961A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42961A second address: 42962A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FB12CE98466h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42962A second address: 42962E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 429917 second address: 429941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jmp 00007FB12CE98475h 0x0000000c push ebx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 pushad 0x00000012 js 00007FB12CE98481h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42A49A second address: 42A4A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42A79F second address: 42A7A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42A7A5 second address: 42A7DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40912h 0x00000009 jmp 00007FB12CC4090Dh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FB12CC40914h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42A7DF second address: 42A7F4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB12CE9846Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42A7F4 second address: 42A7FE instructions: 0x00000000 rdtsc 0x00000002 js 00007FB12CC4091Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42AB55 second address: 42AB68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE9846Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42AB68 second address: 42AB6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42AB6C second address: 42AB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42AB74 second address: 42AB8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40914h 0x00000007 push eax 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42F8A7 second address: 42F8AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42EADB second address: 42EB1B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB12CC40920h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FB12CC40918h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ebx 0x00000012 jnc 00007FB12CC40917h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FB12CC4090Fh 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42EB1B second address: 42EB1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42EB1F second address: 42EB35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40912h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42EC95 second address: 42EC9A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42F2F7 second address: 42F315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC4090Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jp 00007FB12CC40906h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42F315 second address: 42F32F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB12CE98466h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB12CE9846Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43B95B second address: 43B973 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC4090Eh 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43B973 second address: 43B97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43B97E second address: 43B984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43BF13 second address: 43BF19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43BF19 second address: 43BF1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43BF1D second address: 43BF2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007FB12CE98466h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43C0B7 second address: 43C0C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FB12CC40906h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43C7CC second address: 43C7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43C7D2 second address: 43C7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43C7D7 second address: 43C7DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43CF2E second address: 43CF34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43CF34 second address: 43CF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43CF38 second address: 43CF3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43AEAC second address: 43AEB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43AEB1 second address: 43AECE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB12CC40918h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43AECE second address: 43AED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44282F second address: 442833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 442833 second address: 44283B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 442996 second address: 4429A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jc 00007FB12CC40906h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 442BA6 second address: 442BBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE98474h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D2FF second address: 44D312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC4090Ah 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D312 second address: 44D318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D318 second address: 44D31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878A9 second address: 3878AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878AF second address: 3878B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878B5 second address: 3878BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878BA second address: 3878C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878C0 second address: 3878C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3878C4 second address: 3878E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FB12CC4090Ch 0x0000000c je 00007FB12CC40906h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push ebx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 467320 second address: 467337 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB12CE9846Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 467337 second address: 46733D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46733D second address: 467341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 467341 second address: 46735E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40915h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46735E second address: 467362 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4707DA second address: 4707E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47190C second address: 471918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FB12CE98466h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 471918 second address: 47191C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47191C second address: 471936 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB12CE98466h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ja 00007FB12CE98484h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 471936 second address: 47193A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 480E1F second address: 480E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 486DB9 second address: 486DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 483DA3 second address: 483DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FB12CE98473h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49589B second address: 4958AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnl 00007FB12CC4090Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4958AF second address: 4958BD instructions: 0x00000000 rdtsc 0x00000002 js 00007FB12CE98468h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4958BD second address: 4958C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4958C1 second address: 4958C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4956F5 second address: 495705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FB12CC40906h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 495705 second address: 49570B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49570B second address: 495710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 495710 second address: 49571A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FB12CE98466h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49847F second address: 498496 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB12CC4090Ah 0x00000008 pushad 0x00000009 jnl 00007FB12CC40906h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498496 second address: 4984AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jc 00007FB12CE9849Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f js 00007FB12CE98466h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE132 second address: 4AE14E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40912h 0x00000007 jg 00007FB12CC40906h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AE14E second address: 4AE156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B189C second address: 4B18B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FB12CC4090Dh 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B18B0 second address: 4B18B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B19F8 second address: 4B1A17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40912h 0x00000007 jng 00007FB12CC40906h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A17 second address: 4B1A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CE9846Eh 0x00000009 jmp 00007FB12CE98473h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A3F second address: 4B1A4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnp 00007FB12CC40906h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1A4A second address: 4B1A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B1DDA second address: 4B1DDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2239 second address: 4B223F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B223F second address: 4B2244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2244 second address: 4B224A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B224A second address: 4B224E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B250F second address: 4B2513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2698 second address: 4B269C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B269C second address: 4B26A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B687E second address: 4B689E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB12CC40916h 0x00000007 jnl 00007FB12CC40906h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B689E second address: 4B68C3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB12CE9847Fh 0x00000008 jmp 00007FB12CE98479h 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8078 second address: 4B8093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB12CC40917h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8093 second address: 4B80A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FB12CE98466h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80A3 second address: 4B80A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80A7 second address: 4B80AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80AF second address: 4B80B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B80B5 second address: 4B80B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA17B second address: 4BA189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 ja 00007FB12CC40906h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA189 second address: 4BA18D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BA18D second address: 4BA198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960EC5 second address: 4960EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE98474h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960EDD second address: 4960EE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960EE1 second address: 4960EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007FB12CE9849Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov edi, 24FE3E6Ah 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960EF8 second address: 4960EFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960EFE second address: 4960F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960F02 second address: 4960F06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CC8B1 second address: 3CC8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CC8B6 second address: 3CC8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CC8BC second address: 3CC8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CCABB second address: 3CCAC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 3CCAC1 second address: 3CCACF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB12CE9846Ah 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 223B53 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 223C45 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 447B64 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7344	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7344	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 6_2_00205BB0 LdrInitializeThunk,

6_2_00205BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor

Source: file.exe, file.exe, 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmp

Binary or memory string: d0Program Manager

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	631 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	223 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	43%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/legal/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
sergei-esenin.com	172.67.206.204	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
studennotediw.store	true		unknown
dissapoiznw.store	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
eaglepawnoy.store	true		unknown
bathdoomgaz.store	true		unknown
clearancek.site	true		unknown
spirittunek.store	true		unknown
licendfilteo.site	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	file.exe, 00000006.00000003.1322493749.0000000000B24000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000A6E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampoweK;	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstati#	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.c	file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apilG	file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.ste	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/Ap:	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/images/skin	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.r	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/privacy_agreement/	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akam	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322684818.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://www.youtube.com/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.cloudflare.com/learning/access	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/5xx-error-landing	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322684818.0000000000ADC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B24000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/B	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/apim	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/apin	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/my/wishlist/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/en/	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com-	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stat	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geon	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/discussions/	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/nb	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.k;	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/subscriber_agree	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322615630.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322705699.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000ACC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/legal/	file.exe, 00000006.00000003.1322573364.0000000000AE1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.c	file.exe, 00000006.00000003.1327609402.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000006.00000002.1340318875.0000000000B2C000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://recaptcha.net	file.exe, 00000006.00000002.1340318875.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/	file.exe, 00000006.00000003.1322493749.0000000000B2D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true
172.67.206.204	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532980
Start date and time:	2024-10-14 08:56:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:57:02	API Interceptor	4x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm
172.67.206.204	file.exe	Get hash	malicious	LummaC	Browse
	SoftWare.exe	Get hash	malicious	LummaC	Browse
	SoftWare(2).exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Win32.Evo-gen.15503.22039.exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Variant.Lazy.606929.21165.21266.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	Executor.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	Solara.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	SoftWare.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SoftWare(2).exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	SoftWare(1).exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Executor.exe	Get hash	malicious	LummaC	Browse	23.197.127.21
	Solara.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare(2).exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare(1).exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://tracking.ei9ie7ph.com/aff_c?offer_id=14263&aff_id=2&source=testoffer&aff_sub=testoffer	Get hash	malicious	Unknown	Browse	172.66.0.227
	http://mxi.fr/json/upload/dkjxff.php?lfitf5p	Get hash	malicious	Unknown	Browse	172.67.170.19
	Snvlerier.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	Executor.exe	Get hash	malicious	LummaC	Browse	104.21.46.170
	Solara.exe	Get hash	malicious	LummaC	Browse	104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	ASL OTSL 2 ship's Particulars.xlsx.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://totalcanterbury0.sharefile.com/public/share/web-034ada86e7d04d74	Get hash	malicious	Unknown	Browse	172.67.74.152
	arm5.nn-20241014-0317.elf	Get hash	malicious	Mirai, Okiru	Browse	1.13.112.124
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Solara.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	arm5.nn-20241014-0317.elf	Get hash	malicious	Mirai, Okiru	Browse	104.117.28.226
	arm7.nn-20241014-0317.elf	Get hash	malicious	Mirai, Okiru	Browse	104.124.6.21
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare(2).exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SoftWare(1).exe	Get hash	malicious	LummaC	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	Executor.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	Solara.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SoftWare.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SoftWare(2).exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	SoftWare(1).exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.5747600573131795
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'935'296 bytes
MD5:	624aa9f7c297655526b0c57976065fd9
SHA1:	7a0be2e902647eebafc4b857146677ebd81012ef
SHA256:	e8653f720910be487637fe70d1bd58299a2f207d7140a00db5a6d51e4c65c00f
SHA512:	04657e8ffbbfa20eb56a7d2d9acb7e08c0e5b0fc8bc628d3974d189386ec7f2c9fb36b639b4b2f670cdfde4860f2947d9117d37be47a50f8257b94bee253f56a
SSDEEP:	49152:rUMq9POKbS+CdE5oll2XtvPitwL41swEUJ9OiuKyluuNH2dSWrIhulz9BH:rHyPTbQE5oX2XtvPimL41swEUJ9Vu/lA
TLSH:	E8D54AB1B546A6CFC99A12F4E077CD626A7D03F54B3449C3D85864BA7E73CC211BAC28
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................P0...........@...........................0.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x705000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FB12CD9B1CAh
push gs
sub al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007FB12CD9D1C5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	65e9db9069a5c1cb6a598d0ed611af15	False	0.9995552289603961	data	7.976576879741522	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nkeasgxt	0x60000	0x2a4000	0x2a3400	80098b32cf2a76cecef45ece730b3c25	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bmonghax	0x304000	0x1000	0x400	9601b2ce7b6c60f106048c2e0a46bdf2	False	0.7958984375	data	6.1706552977563724	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x305000	0x3000	0x2200	54b9564d251e6f24b2200d147dc7fd0f	False	0.05583639705882353	DOS executable (COM)	0.7431325590949677	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-14T08:57:03.639749+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.7	64984	1.1.1.1	53	UDP
2024-10-14T08:57:03.652562+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.7	50666	1.1.1.1	53	UDP
2024-10-14T08:57:03.664311+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.7	62360	1.1.1.1	53	UDP
2024-10-14T08:57:03.675004+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.7	62013	1.1.1.1	53	UDP
2024-10-14T08:57:03.685968+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.7	57330	1.1.1.1	53	UDP
2024-10-14T08:57:03.696501+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.7	60913	1.1.1.1	53	UDP
2024-10-14T08:57:03.707069+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.7	49152	1.1.1.1	53	UDP
2024-10-14T08:57:03.717611+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.7	58557	1.1.1.1	53	UDP
2024-10-14T08:57:06.075782+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	49699	104.102.49.254	443	TCP
2024-10-14T08:57:07.046002+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49700	172.67.206.204	443	TCP
2024-10-14T08:57:07.046002+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49700	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 08:57:03.747199059 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:03.747262955 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:03.747325897 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:03.751318932 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:03.751342058 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:04.454950094 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:04.455051899 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:04.522454977 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:04.522504091 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:04.522780895 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:04.575967073 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:05.233042955 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:05.279401064 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075807095 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075836897 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075844049 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075866938 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075876951 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075885057 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.075898886 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.075937986 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.075970888 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.210216045 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.210236073 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.210350037 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.210371017 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.210444927 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.217148066 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.217217922 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.217226982 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.217245102 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.217271090 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.217299938 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.219459057 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.219471931 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.219501019 CEST	49699	443	192.168.2.7	104.102.49.254
Oct 14, 2024 08:57:06.219507933 CEST	443	49699	104.102.49.254	192.168.2.7
Oct 14, 2024 08:57:06.235954046 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.235990047 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:06.236202002 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.236547947 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.236566067 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:06.903202057 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:06.903423071 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.907187939 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.907205105 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:06.907526970 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:06.909286022 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.909348965 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:06.909367085 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.045993090 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046032906 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046055079 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046075106 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046103954 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.046130896 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046144009 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046235085 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.046235085 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.046643019 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.046657085 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.046689987 CEST	49700	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.046696901 CEST	443	49700	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.135142088 CEST	49701	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.135175943 CEST	443	49701	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.135268927 CEST	49701	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.135679960 CEST	49701	443	192.168.2.7	172.67.206.204
Oct 14, 2024 08:57:07.135696888 CEST	443	49701	172.67.206.204	192.168.2.7
Oct 14, 2024 08:57:07.548140049 CEST	49701	443	192.168.2.7	172.67.206.204

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 08:57:03.639749050 CEST	64984	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.648452044 CEST	53	64984	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.652561903 CEST	50666	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.662060022 CEST	53	50666	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.664310932 CEST	62360	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.673332930 CEST	53	62360	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.675004005 CEST	62013	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.684885979 CEST	53	62013	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.685967922 CEST	57330	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.694910049 CEST	53	57330	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.696501017 CEST	60913	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.705763102 CEST	53	60913	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.707068920 CEST	49152	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.715667009 CEST	53	49152	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.717611074 CEST	58557	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.726727962 CEST	53	58557	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:03.729199886 CEST	61983	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:03.736378908 CEST	53	61983	1.1.1.1	192.168.2.7
Oct 14, 2024 08:57:06.223716021 CEST	52054	53	192.168.2.7	1.1.1.1
Oct 14, 2024 08:57:06.235200882 CEST	53	52054	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 14, 2024 08:57:03.639749050 CEST	192.168.2.7	1.1.1.1	0x2840	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.652561903 CEST	192.168.2.7	1.1.1.1	0x5f80	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.664310932 CEST	192.168.2.7	1.1.1.1	0xd254	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.675004005 CEST	192.168.2.7	1.1.1.1	0x51f	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.685967922 CEST	192.168.2.7	1.1.1.1	0x44ec	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.696501017 CEST	192.168.2.7	1.1.1.1	0x9f70	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.707068920 CEST	192.168.2.7	1.1.1.1	0xe31e	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.717611074 CEST	192.168.2.7	1.1.1.1	0x72aa	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.729199886 CEST	192.168.2.7	1.1.1.1	0x7586	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:06.223716021 CEST	192.168.2.7	1.1.1.1	0xc716	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 14, 2024 08:57:03.648452044 CEST	1.1.1.1	192.168.2.7	0x2840	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.662060022 CEST	1.1.1.1	192.168.2.7	0x5f80	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.673332930 CEST	1.1.1.1	192.168.2.7	0xd254	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.684885979 CEST	1.1.1.1	192.168.2.7	0x51f	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.694910049 CEST	1.1.1.1	192.168.2.7	0x44ec	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.705763102 CEST	1.1.1.1	192.168.2.7	0x9f70	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.715667009 CEST	1.1.1.1	192.168.2.7	0xe31e	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.726727962 CEST	1.1.1.1	192.168.2.7	0x72aa	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:03.736378908 CEST	1.1.1.1	192.168.2.7	0x7586	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:06.235200882 CEST	1.1.1.1	192.168.2.7	0xc716	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 14, 2024 08:57:06.235200882 CEST	1.1.1.1	192.168.2.7	0xc716	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49699	104.102.49.254	443	60	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 06:57:05 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-14 06:57:06 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Mon, 14 Oct 2024 06:57:05 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=c6136d87d8655a4d6f91e01c; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-14 06:57:06 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-14 06:57:06 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-14 06:57:06 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-14 06:57:06 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49700	172.67.206.204	443	60	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-14 06:57:06 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-14 06:57:06 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-14 06:57:07 UTC	559	IN	HTTP/1.1 200 OK Date: Mon, 14 Oct 2024 06:57:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LIqyYh%2Bgy5TcarQgOFeZz03BnKASo%2FQhM46Bq63VSjh%2FTvzvcurul50v6OM7c9t2w1rGEWTaVFHpmmcr2d1j99t8oBc4aitmJH534dOf8I%2FBCIexl3K%2BniaO%2FqDUriwk8iXhlg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d25ac62b905431f-EWR
2024-10-14 06:57:07 UTC	810	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-14 06:57:07 UTC	1369	IN	Data Raw: 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 Data Ascii: /styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementBy
2024-10-14 06:57:07 UTC	1369	IN	Data Raw: 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: -management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-14 06:57:07 UTC	893	IN	Data Raw: 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 Data Ascii: an> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" i
2024-10-14 06:57:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	6
Start time:	02:57:01
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x1c0000
File size:	2'935'296 bytes
MD5 hash:	624AA9F7C297655526B0C57976065FD9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	47.3%
Total number of Nodes:	91
Total number of Limit Nodes:	9

Executed Functions

Function 001CFCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 001CFCBE
R9pj22MHCHKak4H58y613LTMs_rGo4WyGVSgDnKxZ1o-1728889027-0.0.1.1-/api, xrefs: 001D0137, 001D0154
VY^_, xrefs: 001CFDFF
V, xrefs: 001CFEDC
J|BJ, xrefs: 001D000D

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: J|BJ$R9pj22MHCHKak4H58y613LTMs_rGo4WyGVSgDnKxZ1o-1728889027-0.0.1.1-/api$V$VY^_$t
API String ID: 0-870959004
Opcode ID: ebb32e16cbebcc4c35cc04d98395a3a95d9d028173ce703e0935772887ecfc84
Instruction ID: c022251f0434442a7f674b46a5c758122115a448db55079c55ae8a81d064a0c5
Opcode Fuzzy Hash: ebb32e16cbebcc4c35cc04d98395a3a95d9d028173ce703e0935772887ecfc84
Instruction Fuzzy Hash: F6D17675508380ABD311DF149490B6FBBE2ABA6B44F18881DF4D98B352C336DD4ADB92

Function 001FF620 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 461
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

hi, xrefs: 001FF6E6
dg, xrefs: 001FF7F5

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 436423abdcc05c783958338e3808d6b14a9ca8fe41133dd02b2d4f05007b6eb7
Instruction ID: 5f6ddcfb20b08cef170d378c95fa8d8b0acaa1242754e17c2af65a20734e6936
Opcode Fuzzy Hash: 436423abdcc05c783958338e3808d6b14a9ca8fe41133dd02b2d4f05007b6eb7
Instruction Fuzzy Hash: 24F18471618301EFE704CF24D895B6ABBE6FF95348F14892CF1858B2A1CB74D94ACB12

Function 001CD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 001CD2F1

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 4c0ec936e9d71acc1f69a3cbb64ed649b48ffd87fb20815baea1e24f28e0bc81
Instruction ID: 41d4452c3edd1186a84d2de616e6cf7a37dca86a6eedf0f28932c6144bd10385
Opcode Fuzzy Hash: 4c0ec936e9d71acc1f69a3cbb64ed649b48ffd87fb20815baea1e24f28e0bc81
Instruction Fuzzy Hash: B441347440D380ABD301BB68E595E2EFBF5AFA2745F148C2CE5C497252C33AD8109B67

Function 00205700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00205784

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 475d39e02fda492317eac4355321a955d42c0aa07712c18a1064b4899e0cc1a6
Instruction ID: e078bd4ff889fa6755bddd78a758a35d00d2c17aba98d9bbd93af9f0b31fc0fc
Opcode Fuzzy Hash: 475d39e02fda492317eac4355321a955d42c0aa07712c18a1064b4899e0cc1a6
Instruction Fuzzy Hash: 4E11A37152C790EBD301EF18E844A1BFBF9AF96710F058828E4C49B262D735D821CB97

Function 00205BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0020973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00205BDE

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 0020695B Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

@, xrefs: 002069C5

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 25ab0b4564eecfa49a694ae48f30d739177dd7e0d8408af94de0035c48c83b5a
Instruction ID: 4a7ef28851e3c4b87e8dc4567c55593d033e31378cceb1e97f27fed8446573ef
Opcode Fuzzy Hash: 25ab0b4564eecfa49a694ae48f30d739177dd7e0d8408af94de0035c48c83b5a
Instruction Fuzzy Hash: D931ADB0A283029FD718EF14D49872BB7F2FF94344F04881CE5C6972A2E7749924CB56

Function 001D049B Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceb0d2faaefc0c052e23fe4cd463bd01e8a979a7f33dbe84f4960e04fd9cdee9
Instruction ID: 4bdb1e86e3169f6208cd72920c09142646ba1ad0fbcb1547532abb7eb8818100
Opcode Fuzzy Hash: ceb0d2faaefc0c052e23fe4cd463bd01e8a979a7f33dbe84f4960e04fd9cdee9
Instruction Fuzzy Hash: 06915A75200B01CFD725CF25E898B16B7F6FF89314F118A6DE8568BAA2DB31E815CB50

Function 001D0228 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11439ee317bb78c417b4c60a3591ce42c4ddddd322ae283114fdfb94482c4fb6
Instruction ID: 3394d1bcef09758f6518d0fbbc8a0b39b4ff857520a79477da360ccc6f51ded0
Opcode Fuzzy Hash: 11439ee317bb78c417b4c60a3591ce42c4ddddd322ae283114fdfb94482c4fb6
Instruction Fuzzy Hash: D9716975200701DFD725CF21E898B27B7F6FF89314F11896DE8968BA62DB31A815CB60

Function 002099D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb63f4612b8e8c578cb8eb2d8cf7e318a1ba53ae7d85bb7dc5ebe4db3eb76b2
Instruction ID: 38e141aeaae4165672e77ed7a47ba682036b7f29173f1e22d56f3d522554265e
Opcode Fuzzy Hash: aeb63f4612b8e8c578cb8eb2d8cf7e318a1ba53ae7d85bb7dc5ebe4db3eb76b2
Instruction Fuzzy Hash: B9419D34228301ABD714DF15E891B2BF7B6EB95724F54882CE5CA972D3D331E861CB62

Function 002063B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bce8b20c244b3d31cd3e276f7a29007e9976a771211ea882f5f4078c6f0c6624
Instruction ID: ef7da51cae8e1080c49d1da0d3a957d2da1d6ac83434fbbb1fb287ecf5e4351f
Opcode Fuzzy Hash: bce8b20c244b3d31cd3e276f7a29007e9976a771211ea882f5f4078c6f0c6624
Instruction Fuzzy Hash: 5F31C370659302FAD724DB04DD8AF2BB7A6EB91B15F648508F1815A2D2D7B0A8318B52

Function 001D0EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 161b380425a37b72c97a616c46d53c8afa90c80105511fd6f9dbe1ac36945465
Instruction ID: 1b81e4fcce4767bf2e2b77d692277fd77bac66f53b59327357ede408a1431e95
Opcode Fuzzy Hash: 161b380425a37b72c97a616c46d53c8afa90c80105511fd6f9dbe1ac36945465
Instruction Fuzzy Hash: 572109B490022A9FDB15CF94DC90BBEBBB1FB4A304F244859E511BB392C735A911CF64

Function 001D2F94 Relevance: 15.9, APIs: 1, Strings: 9, Instructions: 862
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.COMBASE ref: 001D3378

Strings

IK, xrefs: 001D3178
jxEJ, xrefs: 001D302B
[Pcl, xrefs: 001D3839
sergei-esenin.com, xrefs: 001D334C, 001D3B12
jXl>, xrefs: 001D3847
YTfT, xrefs: 001D3832
HLB6, xrefs: 001D3855
AR]J, xrefs: 001D303F
173793504029E567EA7AC6D6850BB1C1, xrefs: 001D2F94

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: Uninitialize
String ID: 173793504029E567EA7AC6D6850BB1C1$AR]J$HLB6$YTfT$[Pcl$jXl>$jxEJ$sergei-esenin.com$IK
API String ID: 3861434553-2426363107
Opcode ID: 003629d4223e3b72b6c0d7f728f0810ed1da22dd6233105e916935705af9ef40
Instruction ID: 27812235794e2f7a7f271024e22e2134550139171e5dddda905ac664b7140036
Opcode Fuzzy Hash: 003629d4223e3b72b6c0d7f728f0810ed1da22dd6233105e916935705af9ef40
Instruction Fuzzy Hash: 0E62BAB0000B808BD7629F35D890BA7BBF5AF2A304F44492DE4EB87752D735B519CB22

Function 00203220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 002032A6

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 24aa6914c64ce4ba0dddb40f8b4258816f464c5bc88f67c053eab59ab5f0e4bd
Instruction ID: af3430ed24d1d78585c62e5e33a0023980504ec99a9083f84f00a3970065312b
Opcode Fuzzy Hash: 24aa6914c64ce4ba0dddb40f8b4258816f464c5bc88f67c053eab59ab5f0e4bd
Instruction Fuzzy Hash: 88014B3450D3509BC701EF18E849A1ABBE9EF5A700F05885CE5C58B362D735DD60CB96

Function 001FF54B Relevance: 1.6, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32 ref: 001FF5CD

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: a5d5442ed7ffa470aee51c3940198c2ee34a45fb9a4e5bcd8655364a93ad46a8
Instruction ID: 74d11677d859093e3bd3151a7ae07462c7cf15c8cb18888547b0ff09b090eaff
Opcode Fuzzy Hash: a5d5442ed7ffa470aee51c3940198c2ee34a45fb9a4e5bcd8655364a93ad46a8
Instruction Fuzzy Hash: 66013270118341ABE340DF14C484A2FBBF5AF86394F849D0CF5C88B2A2C735D849CB92

Function 001FF5FC Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 001FF60F

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: caae34ad50b09451d0cbf338f5698aad894cb373fca9f7b4fb0b732e15ead97b
Instruction ID: 56e456d45488f6a45e9928957ab08b9024a478314b1f61ce30f17a46b60895a5
Opcode Fuzzy Hash: caae34ad50b09451d0cbf338f5698aad894cb373fca9f7b4fb0b732e15ead97b
Instruction Fuzzy Hash: 65C09B303D4302F6F1320614BC67F5562247753F01F605C04F7457C4D0CEF16225555A

Function 001D2F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 001D2F82

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 4dd1a03251018ccd7ca04624047e762e641455a2b5fb51fcca6c851ec69d7164
Instruction ID: 2dd9cbf738642e8875a0e50c48dc150833b4a1def0aacf5d21421f4269c51800
Opcode Fuzzy Hash: 4dd1a03251018ccd7ca04624047e762e641455a2b5fb51fcca6c851ec69d7164
Instruction Fuzzy Hash: F8C092313D8706F0F03406087C27F0522045302F30F700B10B3747C5D18CD03102800D

Function 00203202 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 00203208

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e423e0bc9408afa4952452121e486377c12aaffd2becbeb43c2ea1713ac36876
Instruction ID: 9e57509170fa42f63241b411a848821a852477ea6d38a01730f3977a6863a916
Opcode Fuzzy Hash: e423e0bc9408afa4952452121e486377c12aaffd2becbeb43c2ea1713ac36876
Instruction Fuzzy Hash: 60B01230080000AFDA041B00FC0EF013510EB10605F800050A100040F1D5655865C554

Function 001D2F10 Relevance: 1.3, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 001D2F5F

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6b45bc14b7ac0d01989ca17470a572b4ba60666882c11ca9055f7623667e0fdf
Instruction ID: bbf7ca21fe35d0421f3a85bba09fdb4835aab4ba4728fc58140bb88297dc7f7c
Opcode Fuzzy Hash: 6b45bc14b7ac0d01989ca17470a572b4ba60666882c11ca9055f7623667e0fdf
Instruction Fuzzy Hash: 34F082A1D107006BD770BA3D9E0B7173DB8A706220F400729ECE58A7C4FA20A82DCBD7

Non-executed Functions

Function 001DDB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

<=:;, xrefs: 001DE930
@ONM, xrefs: 001DE6DB
lkji, xrefs: 001DE73E
`onm, xrefs: 001DE733
89>?, xrefs: 001DE9F6
QNOL, xrefs: 001DE775
mjkh, xrefs: 001DE7D8
dcba, xrefs: 001DE728
DCBA, xrefs: 001DE887, 001DE896
<=2, xrefs: 001DEA01
tuJK, xrefs: 001DE967
AR, xrefs: 001DDD10
xgfe, xrefs: 001DE71D
%*+(, xrefs: 001DDE37, 001DDE46
tsrq, xrefs: 001DE6FC
D, xrefs: 001DE846
|, xrefs: 001DECB1
LKJI, xrefs: 001DE6E6
()./, xrefs: 001DE9CA
:WUE, xrefs: 001DF6B7, 001DF6C6
89&', xrefs: 001DE93B
T, xrefs: 001DF157
`Y^_, xrefs: 001DE99E
WP, xrefs: 001DDCEF

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 2c4fbeb0717954920be48abe241e0bc113c83010f6921e49bad8676357e67b7c
Instruction ID: 826812e30bfdaffa1b038a00e05eac5aae49665519c5abaa6122c02176d4ed75
Opcode Fuzzy Hash: 2c4fbeb0717954920be48abe241e0bc113c83010f6921e49bad8676357e67b7c
Instruction Fuzzy Hash: B7F287B05083819BD770DF14C894BABBBE6BFD5304F14482EE4C98B392DB319995CB92

Function 001F23E0 Relevance: 31.3, APIs: 4, Strings: 12, Instructions: 3298COMMON

Download Yara Rule

Strings

ggxz, xrefs: 001F2685
3<, xrefs: 001F32D6
mlc@, xrefs: 001F275C
`tii, xrefs: 001F2693
{l`~, xrefs: 001F268C
:, xrefs: 001F32DD
|}&C, xrefs: 001F2F21
aenQ, xrefs: 001F276A
f@~!, xrefs: 001F25FF
fedc, xrefs: 001F2782
Cx, xrefs: 001F453D
%*+(, xrefs: 001F40EF

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
API String ID: 0-786070067
Opcode ID: 30a60c3b8fa762515053b637ad9bbaa6b1233a9539c00740d1277bea9ab5b479
Instruction ID: b0acdcd3543c47b3693812f10dceac83cec0d837c1a4741f7f4d8b6145c1c614
Opcode Fuzzy Hash: 30a60c3b8fa762515053b637ad9bbaa6b1233a9539c00740d1277bea9ab5b479
Instruction Fuzzy Hash: 68339C70504B818BD7258F38C590773BBE1BF16304F58899DE5EA8BB92C735E906CBA1

Function 001E9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

WH, xrefs: 001EAA1C
_Y, xrefs: 001EA641
hi, xrefs: 001EAB9D
N[, xrefs: 001EA375
JG, xrefs: 001EAA27
]{, xrefs: 001EA1E7, 001EA1F3
?m,o, xrefs: 001EA13C
WQ, xrefs: 001EA62B
%e6g, xrefs: 001EA152
CG, xrefs: 001EAA32
/), xrefs: 001EA66D
S], xrefs: 001EA636
Gt, xrefs: 001E9FF8
(a*c, xrefs: 001EA147
sm, xrefs: 001EA830
kW, xrefs: 001EA380
=], xrefs: 001EA36A

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: 518a053412065bd5c69fe554ce0ab2bc9c190428941bded5af48841d22286567
Instruction ID: f028f20e79a420335cdc98401f3f0bb3639c9d754345785e8393e4eb3b37aa04
Opcode Fuzzy Hash: 518a053412065bd5c69fe554ce0ab2bc9c190428941bded5af48841d22286567
Instruction Fuzzy Hash: A952C7B844D385CAE270CF26D581B8EBAF1BB92740F608A1DE1ED9B255DB708045CF93

Function 001E9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

T#a-, xrefs: 001E9AE3
z=Q?, xrefs: 001E9826
G+X5, xrefs: 001E9AF3
,A&C, xrefs: 001E982E
pq, xrefs: 001E99E0
?M0K, xrefs: 001E9968
X/R), xrefs: 001E9AEB
8;, xrefs: 001E9B13
L3Y=, xrefs: 001E9B03
O+f), xrefs: 001E9634, 001E963D
;IJK, xrefs: 001E983E
2A"_, xrefs: 001E9980
B7U1, xrefs: 001E9AFB
B?Q9, xrefs: 001E9B0B
!E4G, xrefs: 001E9836
G'M!, xrefs: 001E9ADB

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 008147cefbfb7770b1c0de98133ba672efd556b25a9cfa37b658a2ed5c7a4f75
Instruction ID: 0cde8ca9fe89b60a1b77c448b4d2f0a90a5ff1245a09e9fd52192d115049d64e
Opcode Fuzzy Hash: 008147cefbfb7770b1c0de98133ba672efd556b25a9cfa37b658a2ed5c7a4f75
Instruction Fuzzy Hash: EEF13DB4408384ABD310DF16D881A2FBBF4BB9AB48F144D1CF4D99B252E374D949CB96

Function 001EDD29 Relevance: 14.9, Strings: 11, Instructions: 1142COMMON

Download Yara Rule

Strings

n\+H, xrefs: 001EDDC0
%*+(, xrefs: 001EE143
,Q?S, xrefs: 001EE26F
{E, xrefs: 001EE323
upH}, xrefs: 001EDE8A, 001EE798, 001EDF4A
=]+_, xrefs: 001EE276
-M2O, xrefs: 001EE25A
hX]N, xrefs: 001EDDC7
<Y.[, xrefs: 001EE27D
Y9N;, xrefs: 001EE245
)IgK, xrefs: 001EE261

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
API String ID: 0-1557708024
Opcode ID: 16e045785e6dec5558a5ae19f860de298653fc715b3cba9e427cabe567af82cd
Instruction ID: 7ca6d0021d3f8959539b2f1251cc60580b61186da97caf0845ffb91cb0461671
Opcode Fuzzy Hash: 16e045785e6dec5558a5ae19f860de298653fc715b3cba9e427cabe567af82cd
Instruction Fuzzy Hash: 7B920171E00645CFDB08CF69D8516AEBBF2FF99310F298168E516AB391D731AD12CB90

Function 003812EE Relevance: 12.9, Strings: 9, Instructions: 1663COMMON

Download Yara Rule

Strings

k_B, xrefs: 00381D30
_[{, xrefs: 00381E59
YP{, xrefs: 00382033
ij}, xrefs: 00382440
I', xrefs: 00381BE3
F>}, xrefs: 0038222F
q{{, xrefs: 0038158D
xW;^, xrefs: 00382326
/Ev, xrefs: 003816DC

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: /Ev$F>}$YP{$_[{$k_B$q{{$xW;^$ij}$I'
API String ID: 0-4155289287
Opcode ID: a7df1ed4f92e8f51a15cad2b950f3b280b9241d8ef817860d50e668e0eb2c376
Instruction ID: f2b16670050444ec3863785239c5e156f136554a9c89dbb12018ccd0eaecf912
Opcode Fuzzy Hash: a7df1ed4f92e8f51a15cad2b950f3b280b9241d8ef817860d50e668e0eb2c376
Instruction Fuzzy Hash: F9B21BF360C6049FE304AE2DEC8567ABBE9EF94320F16893DE6C4C7744E93598058796

Function 003904F2 Relevance: 11.6, Strings: 8, Instructions: 1583COMMON

Download Yara Rule

Strings

C?6, xrefs: 00390825
Tz%~, xrefs: 003916E9
.t;, xrefs: 003910C3
w!W, xrefs: 0039099D
7s<, xrefs: 00391183
i$}o, xrefs: 0039102A
g5w', xrefs: 00391737
oE;, xrefs: 00391213

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: w!W$.t;$7s<$C?6$Tz%~$g5w'$i$}o$oE;
API String ID: 0-4055447445
Opcode ID: dfef9eef9c38648992fe31952075163117025b9af4e1095945ca7c57dceb51ca
Instruction ID: fe3b76603eaf77e77b8b7eba1adcf2721ee8b1eaec72f374f5409cfe382d7a40
Opcode Fuzzy Hash: dfef9eef9c38648992fe31952075163117025b9af4e1095945ca7c57dceb51ca
Instruction Fuzzy Hash: D4B2E0F360C2049FE304AE2DEC8567AFBE9EF94720F16492DEAC4C3744EA3558458B56

Function 001E098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

gce/, xrefs: 001E1073
,#15, xrefs: 001E0F94
&> &, xrefs: 001E0F89
%*+(, xrefs: 001E0A77, 001E0A86
9.5^, xrefs: 001E0F9F
{, xrefs: 001E1502
qrqp, xrefs: 001E1089
cah`, xrefs: 001E107E

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: d93f9ce84e0b865164248fc418d2079af52b3d5d79460171ec3f441c5c0dfa26
Instruction ID: 0bc8acd115dc86f973a1af2eabc54d84179e7a5fcffbb97abc9426f317df447a
Opcode Fuzzy Hash: d93f9ce84e0b865164248fc418d2079af52b3d5d79460171ec3f441c5c0dfa26
Instruction Fuzzy Hash: BA62BBB15083818BD330CF15D895BAFB7E1FFAA314F08492DE49A8B681E7759981CB53

Function 003789D6 Relevance: 9.1, Strings: 6, Instructions: 1614COMMON

Download Yara Rule

Strings

Q,g, xrefs: 00379A0D
@S@b, xrefs: 00379780
vzs, xrefs: 0037987E
Sw~, xrefs: 00379860
kC, xrefs: 00379C14
i{}, xrefs: 00378E44

Memory Dump Source

Source File: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: @S@b$Q,g$Sw~$i{}$vzs$kC
API String ID: 0-867606107
Opcode ID: 4ba501de9545380823eba679ef38c95daedf7431549e54a84871b6560de03464
Instruction ID: 937adfad43d27cb6c42997d2dfe3f058121785aee4a92d73c061e137a0a5f9c9
Opcode Fuzzy Hash: 4ba501de9545380823eba679ef38c95daedf7431549e54a84871b6560de03464
Instruction Fuzzy Hash: 77B218F3A0C204AFE304AE2DDC8567AF7E9EF94720F164A3DEAC5C7740E63558058696

Function 0038995F Relevance: 9.1, Strings: 6, Instructions: 1598COMMON

Download Yara Rule

Strings

u4r, xrefs: 0038A221
!OlZ, xrefs: 00389B08
fO~m, xrefs: 003899CC
QXW, xrefs: 00389D0E
[gW, xrefs: 0038A7F9
WR;n, xrefs: 0038A6BE

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: !OlZ$QXW$WR;n$fO~m$u4r$[gW
API String ID: 0-1685242917
Opcode ID: 37be7c7cbc178357d91995f28ebd465d4d45241b33bd7938ae51ba5cf74d2b19
Instruction ID: 8b4bf44a608ea92fa7d7edd87c2df5419719ede0a06925577de046fbf7935a5b
Opcode Fuzzy Hash: 37be7c7cbc178357d91995f28ebd465d4d45241b33bd7938ae51ba5cf74d2b19
Instruction Fuzzy Hash: D9B217F3A082049FE704AE2DEC8567AFBE9EF94620F1A493DE6C4C3744E53598058797

Function 00392846 Relevance: 8.5, Strings: 6, Instructions: 971COMMON

Download Yara Rule

Strings

tQ?}, xrefs: 00393013
Ya*s, xrefs: 00392ACA
bgl{, xrefs: 003930A9
%N9, xrefs: 00393069
pzu\, xrefs: 00392DE4
S/u, xrefs: 0039307E

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %N9$S/u$Ya*s$bgl{$pzu\$tQ?}
API String ID: 0-2200630118
Opcode ID: 79c0eeb2be231642e8b01a6d6b3a8974e4253622817db5422aff001f2c3d4e46
Instruction ID: 0e64ac9974d80883fe13163c5727e788db21e5a7c62c9c2d8f7589eec4618247
Opcode Fuzzy Hash: 79c0eeb2be231642e8b01a6d6b3a8974e4253622817db5422aff001f2c3d4e46
Instruction Fuzzy Hash: 935258F39082149FD3046E2DDC4567AFBEAEFD4620F1A863DEAC4C3744EA3599058687

Function 0037C02A Relevance: 7.9, Strings: 5, Instructions: 1653COMMON

Download Yara Rule

Strings

>b~, xrefs: 0037C996
I/g, xrefs: 0037C357
!yi~, xrefs: 0037CBF2
BI^), xrefs: 0037D19C
;y{, xrefs: 0037C85D

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: !yi~$;y{$>b~$BI^)$I/g
API String ID: 0-690780269
Opcode ID: 06b15f319133c2d29854076280d560a1f86c05d3d9f6e708ee37e69b27ad1c2e
Instruction ID: 39b5034b9a671989447f3a23f9afec8ee8a35f45073a28e2dd7ce485947cc5a8
Opcode Fuzzy Hash: 06b15f319133c2d29854076280d560a1f86c05d3d9f6e708ee37e69b27ad1c2e
Instruction Fuzzy Hash: E4B228F3A082049FD304AE2DEC8567AFBE9EF94720F16863DEAC4C7344E97558058697

Function 00382D90 Relevance: 7.9, Strings: 5, Instructions: 1619COMMON

Download Yara Rule

Strings

O)}], xrefs: 003838BC
X_, xrefs: 00383DAE
ASu9, xrefs: 00383E0E
&Ou, xrefs: 00382DFA
a8k{, xrefs: 003838C2

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: &Ou$ASu9$O)}]$a8k{$X_
API String ID: 0-2444974280
Opcode ID: 84819cbc8b13c98aa58758ec9ef1e34750be2c3a8b9eef8571d960926026c42e
Instruction ID: a5d5e4d98984ce1d7fdae3312595a80364fe297e8c35fd5fab6dad50bae9f839
Opcode Fuzzy Hash: 84819cbc8b13c98aa58758ec9ef1e34750be2c3a8b9eef8571d960926026c42e
Instruction Fuzzy Hash: 43B216F360C2009FD704AE2DEC8567ABBE9EF94720F16892DE6C4C7744EA3598418793

Function 00384865 Relevance: 7.8, Strings: 5, Instructions: 1599COMMON

Download Yara Rule

Strings

u5O, xrefs: 0038503B
:Y_y, xrefs: 003850BC
eW], xrefs: 00385632
F-y, xrefs: 003858E8
9}7, xrefs: 003856D3

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: :Y_y$F-y$u5O$9}7$eW]
API String ID: 0-2268510194
Opcode ID: c04f098fc0514d3107cdb09b563cc95b2229f6a1fad7323044dd21cb0c4a01e1
Instruction ID: ba8abad3d2f97e25e94a05e7b0ab34715d84d6faa87a78557109ab57cca2017d
Opcode Fuzzy Hash: c04f098fc0514d3107cdb09b563cc95b2229f6a1fad7323044dd21cb0c4a01e1
Instruction Fuzzy Hash: 2DB229F3A0C6049FE3046E2DEC8567AFBE9EF94320F1A493DE6C4C7744EA3558058696

Function 0038647F Relevance: 7.8, Strings: 5, Instructions: 1521COMMON

Download Yara Rule

Strings

*Ymm, xrefs: 0038763A
*8, xrefs: 0038679D
-]~, xrefs: 0038651B
n]k, xrefs: 003870F3
sE?, xrefs: 00386A4F

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: *Ymm$n]k$sE?$*8$-]~
API String ID: 0-2567130702
Opcode ID: 4f70bf9d4743aacc1570c80782800ca44677b7affb2d32c858ca84a93362219d
Instruction ID: 2d6f667523b72ec232900c1cd8cfe0a74587ddf5421e0db73acbfffe9a331a6f
Opcode Fuzzy Hash: 4f70bf9d4743aacc1570c80782800ca44677b7affb2d32c858ca84a93362219d
Instruction Fuzzy Hash: 1AA228F3A0C2049FE304AE2DEC8567ABBE9EF94720F16493DEAC4C3744E67558058697

Function 0037A430 Relevance: 6.7, Strings: 4, Instructions: 1693COMMON

Download Yara Rule

Strings

dpl., xrefs: 0037AEE2
~/}w, xrefs: 0037B07E
5W>\, xrefs: 0037B232
?y;, xrefs: 0037B295

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 5W>\$?y;$dpl.$~/}w
API String ID: 0-631270746
Opcode ID: fb5cdfd242a73fa23c82d56879e5fbadd671f553c7c38d878769e41af8393af6
Instruction ID: a0e6d58e2a089a47fdfa7fd108e7a9ad8d70a075d1c92a6633fda6fd068a558b
Opcode Fuzzy Hash: fb5cdfd242a73fa23c82d56879e5fbadd671f553c7c38d878769e41af8393af6
Instruction Fuzzy Hash: 96B249F36083049FE3046E2DED8567AFBE9EFD4220F16463DEAC4C7744EA3598058696

Function 001EFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

m1s3, xrefs: 001EFEC3, 001EFECB
NA_I, xrefs: 001F036D
uvw, xrefs: 001EFE95
:, xrefs: 001F0087

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: 0fe19a905594bf89bc0bb2ca2c846bedb27840fb63809da82e1e21a9cb892dd0
Instruction ID: 9123999f1dbfdac4cb48eddf00a879d83fb20cc725167406c06f17c797f88d38
Opcode Fuzzy Hash: 0fe19a905594bf89bc0bb2ca2c846bedb27840fb63809da82e1e21a9cb892dd0
Instruction Fuzzy Hash: 5832B9B0508384DFD311DF29D884B2ABBE1AF99340F148A6CF6D58B2A2D735D915CF52

Function 001D3BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

ss, xrefs: 001D3C79
;z, xrefs: 001D3C87
%*+(, xrefs: 001D3EC4
p, xrefs: 001D3C80

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: edca7c3e01004983e9c4142fd566cab1a1c972291343a0c98ca1a43e94bc9290
Instruction ID: ae8d3d4f9a275aa803bb4913cb77f20e832c6307efec1a35db3db9da33cfb73a
Opcode Fuzzy Hash: edca7c3e01004983e9c4142fd566cab1a1c972291343a0c98ca1a43e94bc9290
Instruction Fuzzy Hash: 21024AB4810B00DFD760DF24D986756BFB5FB05300F50895DE8AA9B796E330A419CFA2

Function 00387DF7 Relevance: 5.4, Strings: 3, Instructions: 1652COMMON

Download Yara Rule

Strings

0m:, xrefs: 00388CC9
Br{, xrefs: 00388EA7
znm, xrefs: 00388A37

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 0m:$Br{$znm
API String ID: 0-771759156
Opcode ID: f421b9d12c5db7e8702f50272b23358985f24ab8b3b1596a44b07195a6a7f0fb
Instruction ID: e8184dbd89143587e3f616b32e52ddc4d03ecc314f626f65f9c8c15687573ccc
Opcode Fuzzy Hash: f421b9d12c5db7e8702f50272b23358985f24ab8b3b1596a44b07195a6a7f0fb
Instruction Fuzzy Hash: 30B209F3A0C2049FE3046E2DEC8567ABBE9EFD4720F16493DEAC5C3744E93558058696

Function 001E2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

a|, xrefs: 001E2317
lc, xrefs: 001E2507
hu, xrefs: 001E232F
sj, xrefs: 001E2327

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: c93f80fe59259609972bed231da50b995acb89abf569be80a2c52f2f65de7b7b
Instruction ID: 9a6b9175382ef16513568d7f947419731ccacc69f803cf856923c3d8466702a3
Opcode Fuzzy Hash: c93f80fe59259609972bed231da50b995acb89abf569be80a2c52f2f65de7b7b
Instruction Fuzzy Hash: 69A1ADB04087818BC720DF19C8A1A6FB7F4FFA5754F188A0CE8D99B291E375D941CB96

Function 0037DBA6 Relevance: 5.4, Strings: 3, Instructions: 1631COMMON

Download Yara Rule

Strings

BVr, xrefs: 0037E35F
@m , xrefs: 0037E8A9
'B], xrefs: 0037EBDB

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: BVr$'B]$@m
API String ID: 0-2756803687
Opcode ID: 5822441af7e550e54a886111c44d3de1247bb3591a01b13d2b8dc0d359c61dd8
Instruction ID: 18abef0dd87d27130f8c68e8fa19ff4831ccfc3480f0eac0cfa4aa93497a8869
Opcode Fuzzy Hash: 5822441af7e550e54a886111c44d3de1247bb3591a01b13d2b8dc0d359c61dd8
Instruction Fuzzy Hash: C9B2E7F3A082009FE3046E2DDC8567ABBE9EF94720F1A893DE6C4C7744E63598458697

Function 0038EA5B Relevance: 5.4, Strings: 3, Instructions: 1609COMMON

Download Yara Rule

Strings

p_?, xrefs: 0038ECFA
qW{_, xrefs: 0038FC7B
uW{_, xrefs: 0038FC73

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: p_?$qW{_$uW{_
API String ID: 0-2454325210
Opcode ID: 588b96af0a6b6e545dfba89f7fe4db1a8a54b0682bb05cc302caa3ce3f7b8f2d
Instruction ID: 811865c88668c2283cb9809b34c1279dd6d71504abad4825c006f683cc98a3f1
Opcode Fuzzy Hash: 588b96af0a6b6e545dfba89f7fe4db1a8a54b0682bb05cc302caa3ce3f7b8f2d
Instruction Fuzzy Hash: FBB2F5F3A0C2009FE7046E2DEC8577ABBE9EF94620F1A463DEAC4C3744E97558058697

Function 0038CF87 Relevance: 5.4, Strings: 3, Instructions: 1603COMMON

Download Yara Rule

Strings

tjN{, xrefs: 0038D0D4
WaS, xrefs: 0038D087
b(w, xrefs: 0038D6D4

Memory Dump Source

Source File: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: WaS$b(w$tjN{
API String ID: 0-1041321892
Opcode ID: 74e901030531b3c56235930cbd3edc274aefe2e0cf05e5e875b2d9335839a5b2
Instruction ID: f4b005ca00507e0498909e58bbe4f99529a4bc199e7ba81dbbfeb9a9a0cfd22a
Opcode Fuzzy Hash: 74e901030531b3c56235930cbd3edc274aefe2e0cf05e5e875b2d9335839a5b2
Instruction Fuzzy Hash: DFB2F5F3A0C214AFE3046E29EC8567ABBE9EF94320F16493DE6C5C7740EA3558418797

Function 001ED7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

#', xrefs: 001ED9EA
CV, xrefs: 001ED98B
KV, xrefs: 001ED97D
T>, xrefs: 001ED984

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 2d07ef6276974f47c065fe7795da3ffa6909d23b8c8ad90824ddb20216f80be1
Instruction ID: 8753f4706fb9c0c6e252c2e5bc7238122ed418b228e986882fbb63cf3e999b03
Opcode Fuzzy Hash: 2d07ef6276974f47c065fe7795da3ffa6909d23b8c8ad90824ddb20216f80be1
Instruction Fuzzy Hash: F48166B4801B499BCB20DF96D68556EBFB1FF16300F20460CE486AB756C330AA55CFE2

Function 001EAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 001EACA9
lk, xrefs: 001EACBC
(g6e, xrefs: 001EACA1
,{*y, xrefs: 001EAD07, 001EAD13

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: eb91ccc52a1a9aedaca8e774188b0d46f27e6fd160ad23dbb86487fcef8046e6
Instruction ID: 63c9a275b9b342eedac600d93e1174287f6c3225befe3311699d8d90a9b51d1f
Opcode Fuzzy Hash: eb91ccc52a1a9aedaca8e774188b0d46f27e6fd160ad23dbb86487fcef8046e6
Instruction Fuzzy Hash: C94186B4808381CBD7209F20D904BABB7F4FF8A305F54995DEAC897261DB31D944CB96

Function 001EC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

~/i!, xrefs: 001EC537
%*+(, xrefs: 001EC9E4, 001EC9ED
%*+(, xrefs: 001EC8C3, 001EC8CB

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: fbfe795eae7f13bb004fb4ce3eb71664633548cd221ff7b9f9b3775a8f36f4ea
Instruction ID: ecaabd1dd8da74703c869cd441914a2d8229b83046af026e5c6da29645858a40
Opcode Fuzzy Hash: fbfe795eae7f13bb004fb4ce3eb71664633548cd221ff7b9f9b3775a8f36f4ea
Instruction Fuzzy Hash: 95E199B1518380DFE3209F25E885B5EBBE9FB95344F44882CE69987252D731D811CF92

Function 001C8590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 001C8616
), xrefs: 001C860C
IEND, xrefs: 001C89F0

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: b87636082f9b28239cd6d87e0ea8f2e7ec79476b9a4734423e6fadc419dd68b4
Instruction ID: ededc9957a67ce73fcd79067d850205766cbb0b3315d60852db89255f2df264e
Opcode Fuzzy Hash: b87636082f9b28239cd6d87e0ea8f2e7ec79476b9a4734423e6fadc419dd68b4
Instruction Fuzzy Hash: E8E1D2B1A087419FE310CF29C885B6ABBE0BBA4314F14492DF59997381EB75E915CBC2

Function 00204040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

f, xrefs: 0020420C
%*+(, xrefs: 002040A4, 002040AD

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: a8ebc95e14b5bb9dcf01b05ddfecf021ac2706797615b4613b8394e61b84efab
Instruction ID: 927278d5f199ca368aa02e0141b8a34208c24d9923b2bd9834b25b856a686a6c
Opcode Fuzzy Hash: a8ebc95e14b5bb9dcf01b05ddfecf021ac2706797615b4613b8394e61b84efab
Instruction Fuzzy Hash: 7B12ADB16183418FC714DF18C880B2FBBE6BBD9314F588A6CF69487292D731E955CB92

Function 001C35B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 001C360E
Inf, xrefs: 001C3607

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: a8d87859d688870858befef06fe5acf81e70a66010832b47a09f26d8b2aa3c4a
Instruction ID: 1e46be30335dfcb7abb1bf787b796189cb37271f94a611f9469d1a452cc0b7ed
Opcode Fuzzy Hash: a8d87859d688870858befef06fe5acf81e70a66010832b47a09f26d8b2aa3c4a
Instruction Fuzzy Hash: 87D1E671A083119BC718CF29C880B5EB7E1EBD8750F15CA2DF9A9973A0E775DD058B82

Function 001DFFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

BaBc, xrefs: 001E0197
Ye[g, xrefs: 001E00F6

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: b27805187e08b821c80794c3e355d131607b0987401a37b6c672a6c9ef7fb58f
Instruction ID: 71f9ecb6f0561f20a918a04f277dd0b0ea5d534d3968552c7a5588497839435d
Opcode Fuzzy Hash: b27805187e08b821c80794c3e355d131607b0987401a37b6c672a6c9ef7fb58f
Instruction Fuzzy Hash: 1B51BAB16087818BD332CF15C881BABB7E0FF9A350F19491DE49A8B651E3B49980CB57

Function 001C5160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 001C54C8

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 577908ab6adc53a431abd49a89e413eecd25032937ff1c497bd58c114bf719e3
Instruction ID: f26461e739a6ff1fdde29697beca5a3607a745fa999c4b98b69b604ed8060ca6
Opcode Fuzzy Hash: 577908ab6adc53a431abd49a89e413eecd25032937ff1c497bd58c114bf719e3
Instruction Fuzzy Hash: 0E22D1B6A08B428BE7198E19D940B26BBA3AFF0304F5D856DD8594B342E771FCC5C742

Function 001F12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 001F15D1

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: a2ea21a3e239d79f06e7f1b284dd38b329be6cc620936ed0c25480b2b046fc49
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 50F16771A08349AFC728CE24C490A7BBBE6AFD1350F18C56CE98A87382D731DC05C792

Function 001EAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001EB2D3, 001EB2DB

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: bed0eb5050ae0f1bb2536cc256358ada8f0a3d70adaca76ccf37d8fb11df9b0b
Instruction ID: 6d045b7d0bc6e8004777deaad65c2b99349f7aaef1eb668f95dc91e7804a677a
Opcode Fuzzy Hash: bed0eb5050ae0f1bb2536cc256358ada8f0a3d70adaca76ccf37d8fb11df9b0b
Instruction Fuzzy Hash: 85E1CA75508B46CBC314DF2AD89056FB3F2FFA8791F55891CE4C587260E730AA59CB82

Function 001D6EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001D6EF3

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: d67d6010afd106459246f76e7374dca94998c0d3a9c4d0e401114d992f5a7355
Instruction ID: a06c3db85ff60296b96746e45b4302c4c449393e28ddb242278ed042bd9ecb61
Opcode Fuzzy Hash: d67d6010afd106459246f76e7374dca94998c0d3a9c4d0e401114d992f5a7355
Instruction Fuzzy Hash: 25F17DB5600B01CFD724DF24E991A26B3F6FF58314B148A2EE49787B92EB35E815CB41

Function 001E7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001E8263, 001E826B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ee69cdaeb1893a74a86504e08337d12599b7b0ec1e9e8528c8beab109d7b7583
Instruction ID: 7a017928f06fdff536a51a21f71f5111f84bcda83db9c74c4e8a3c2c42f57b10
Opcode Fuzzy Hash: ee69cdaeb1893a74a86504e08337d12599b7b0ec1e9e8528c8beab109d7b7583
Instruction Fuzzy Hash: F2C1CE71508740ABD710AB16C882A2FB7F5EF95754F08881CF8C99B292E735ED11CBA2

Function 001E8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001E9233, 001E923B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 7f1ca7ce2094225925a7a75be5fc4d14fe9d5d1ed5ad04d602431d740f8a5831
Instruction ID: f4a70199907f6371aea8129331b5b00a05025ddde4f2d4d924c98aac94e0deae
Opcode Fuzzy Hash: 7f1ca7ce2094225925a7a75be5fc4d14fe9d5d1ed5ad04d602431d740f8a5831
Instruction Fuzzy Hash: 78D10070618342DFD708DF69EC95A6AB7E5FF99304F09886CF88687291DB70E890CB51

Function 00207FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 00208167

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 95885db66ff28dc5a40898bca68528c9615641b0a2fd113d9fe2d7e15a1c8a82
Instruction ID: 5d1c43600ecc659ac51dc7885ec827c8fdf66609bc49b0734eb743b0b6c7833b
Opcode Fuzzy Hash: 95885db66ff28dc5a40898bca68528c9615641b0a2fd113d9fe2d7e15a1c8a82
Instruction Fuzzy Hash: C2D1D3729183618FC725CE18E89072FB6E1EB85718F15862CE8A5AB3C2CB71DC16C7C1

Function 00206CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

"p , xrefs: 00207015

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: "p
API String ID: 0-3503887010
Opcode ID: 6934f870e7a6609c7ccace28546d8afa0d91b7fcd4ef3c88ddb14b3102c63edc
Instruction ID: b13c527feff5a8bdf8f9456bee59ed8554f8b3ac3ead5609e7dc129eb308fdd5
Opcode Fuzzy Hash: 6934f870e7a6609c7ccace28546d8afa0d91b7fcd4ef3c88ddb14b3102c63edc
Instruction Fuzzy Hash: 5CD10236618351CFC710CF38E8C456ABBE2BBA9314F098A6DE495C7391DB30DA55CB91

Function 001ECCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001ECDC3, 001ECDCB

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 8646985871733c51491c19e476315236c53cb4d0825f7aad7bf2024c149e607f
Instruction ID: 74ab9934027c59ed9bf3df9557bb80589da4cc7a23f4a63d3325f7a9f5768630
Opcode Fuzzy Hash: 8646985871733c51491c19e476315236c53cb4d0825f7aad7bf2024c149e607f
Instruction Fuzzy Hash: A1B1FF705087819BD714DF1AD891A3FBBE2EF95340F18482CE5C58B292E731E856CBD2

Function 001CA850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 001CA9C3

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: da1a05b0b155c67c2201d9492a28c94a911b739d4c381df047cf7195906107cb
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: F0B128701083859FD325CF58C890B1BBBE1AFA9708F448A2DF5D997342D671EA18CB57

Function 001FFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001FFCA4, 001FFCAD

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 91c7d61953773d16ca765ad76ed21ee0c894ddc4d2998fb12b921a333fdf3b9f
Instruction ID: 7faf2334003e314fa35c5edfbf309f91d8d69837e0bc5b81b1438b2ddcddc7c5
Opcode Fuzzy Hash: 91c7d61953773d16ca765ad76ed21ee0c894ddc4d2998fb12b921a333fdf3b9f
Instruction Fuzzy Hash: B181D0B1118304EBD314DF64E889B2AB7F5FF99701F14882CF28487292D771D826CB62

Function 001DD457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001DD663, 001DD66B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c29c5e7a40ec1de0ad79c41f2feaeb33e888a4b47b0464ad5100bdec5f413989
Instruction ID: eda2975071cca5847d163f3c05af3be7089c5a7de17d99bdcf061755e1f826c0
Opcode Fuzzy Hash: c29c5e7a40ec1de0ad79c41f2feaeb33e888a4b47b0464ad5100bdec5f413989
Instruction Fuzzy Hash: 1B61C171904304DBD710AF18E882A6AB3B0FFA5354F04456DF98987392E775E951CB92

Function 00204A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00204C33, 00204C3B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a7cf0acc488b02c658a55cd69feb56aa26dff86268aa5186903291a6217ac40d
Instruction ID: 8f9965708d9d2cfa96b34aad68c1de6c456e1b22b3d7ac43bb7dd72b2f5cb0a0
Opcode Fuzzy Hash: a7cf0acc488b02c658a55cd69feb56aa26dff86268aa5186903291a6217ac40d
Instruction Fuzzy Hash: 1361E1B1A283029BE710EF15D880B2AF7E6EBC4318F18C91DE685872D2D771EC61CB51

Function 001CE1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 001CE333

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 4cf9da8a44a8a48aeadb25170f5347c6f6d79993df1d5a9b425cccdc0dc7ffc2
Instruction ID: 2b7362dbd667991a00dee5659823bcc4307a5d00e2a643af42332ec17b48cae4
Opcode Fuzzy Hash: 4cf9da8a44a8a48aeadb25170f5347c6f6d79993df1d5a9b425cccdc0dc7ffc2
Instruction Fuzzy Hash: E2510433A596D04BD328993C5C567A9AEC71BB2334B3EC76EE9B18B3E5D655C8008390

Function 00203920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 002039E3, 002039EB

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 495756830e0ae75cbd4063b49e7ac3826012c128f479683f4124f86d74f6b799
Instruction ID: b6afb8c07ec8585a04b8ab011fcfa0e8435afa37125faa6cd8da2f7fc1b59d74
Opcode Fuzzy Hash: 495756830e0ae75cbd4063b49e7ac3826012c128f479683f4124f86d74f6b799
Instruction Fuzzy Hash: 2F519D34629301DBCB24DF55D884A2AFBEAEF85744F14881CE4C687292D771DE20CB62

Function 001D1BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 001D1C3E

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: e6d30211492b4fb67b98567bc14ef0730a4bf6362526576055ef7fb8ecccbb93
Instruction ID: c5d323929bc0c86fa53334ec2302b3d68a9c6e19616cc0eacc397f17d83adda5
Opcode Fuzzy Hash: e6d30211492b4fb67b98567bc14ef0730a4bf6362526576055ef7fb8ecccbb93
Instruction Fuzzy Hash: 894172B4018380ABC714AF68D898A6FBBF0FF96314F04890DF9D59B291D736CA05CB56

Function 001FFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00200033, 0020003B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c14c383dfcfb55821e601bf3de58d3709da8456a6218eb654bfbf376ca70f52d
Instruction ID: 8928fd6367077f3e6e1561c1a93cf7e502596c3ed91dfc0eab6a8a6ad90f938b
Opcode Fuzzy Hash: c14c383dfcfb55821e601bf3de58d3709da8456a6218eb654bfbf376ca70f52d
Instruction Fuzzy Hash: 7B31F771A14315ABE710EE14DC81F2BB7EAEB95744F544828F88587293E722DC25CB63

Function 002F2A9F Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

76}, xrefs: 002F2B89

Memory Dump Source

Source File: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 76}
API String ID: 0-3105746599
Opcode ID: edea80b18c5c2651078f1f276dba8cba37f70246817dda791dcbaadd7e695924
Instruction ID: dbe2db442f0e1a84f6b9f6f8a6cacc1dab1a714f6be74339ce45079e69ae771a
Opcode Fuzzy Hash: edea80b18c5c2651078f1f276dba8cba37f70246817dda791dcbaadd7e695924
Instruction Fuzzy Hash: 4331F7F390C6245FF3546929DC8576BB799EB54720F1B453DDAC893780E93A9C0083C6

Function 001EE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 001EE6A2

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 302279a01a587cc19ba95483e63441fe8a9888327a8e6e8cdece49479c101db2
Instruction ID: 052e9b0d051ec870ce857ab6e53f591bcd7074756810ca616932017b965dbc14
Opcode Fuzzy Hash: 302279a01a587cc19ba95483e63441fe8a9888327a8e6e8cdece49479c101db2
Instruction Fuzzy Hash: D831BFB5900645CFCB20DF96E8849AEBBF5BB2A305F14482CE546AB201D731A915CBA2

Function 001D6F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 001D703B

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 0724fb92efa52f69a40c30b8587bcfe15fa468e5f61e291d38358370c97faaf9
Instruction ID: 54c76edaa6faf5cc10611b86e18646fbf320e36f13b4fb11e532835f00a15e2b
Opcode Fuzzy Hash: 0724fb92efa52f69a40c30b8587bcfe15fa468e5f61e291d38358370c97faaf9
Instruction Fuzzy Hash: 78414271215B04DBD7348F61D999B27B7F2FB4A700F148859E98A9BBE2E731F8008B50

Function 001EE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 001EE6A2

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 16800a5cc4d029119a8701b04be3e6b8d83cd9997659a19f4e0f403332fd1bdd
Instruction ID: 5c8ee5863694d0e22774d6985e8e4b56e2265b85e71613e26101ba73453c3ebb
Opcode Fuzzy Hash: 16800a5cc4d029119a8701b04be3e6b8d83cd9997659a19f4e0f403332fd1bdd
Instruction Fuzzy Hash: BC21D1B1900645CFC720CF96E884AAFBBF5BB2A700F18481CE546AB301D331ED01CBA1

Function 00209CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 00209D30

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: e1d12325b103564539e80c90da9b7c5dee2a928dfc25ceb9fa73caef78bf7f06
Instruction ID: 7385cf7849c4b39fcbfced49c2f0f77597a653b6d556427c84c3497f9b63b7db
Opcode Fuzzy Hash: e1d12325b103564539e80c90da9b7c5dee2a928dfc25ceb9fa73caef78bf7f06
Instruction Fuzzy Hash: B93176709183019BD310EF14D884A2BFBF9EF9A314F14892CE6C997292D375D954CBA6

Function 001D4E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66a8ac7f56d6f36c183142e71860e0446964c1da177b042e1998e8b26538006d
Instruction ID: 3fc3f49c4402ac67b89218ae2d531706ff1cab44854388a62b3a14575e713ef1
Opcode Fuzzy Hash: 66a8ac7f56d6f36c183142e71860e0446964c1da177b042e1998e8b26538006d
Instruction Fuzzy Hash: 4B6257B4500B408FD725CF24D990B27B7F6AF5A704F54892EE49A8BB52E735F808CB91

Function 001CBEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 31d3c8aae580f55487a3fc92d679c98ddc78535f8e7d5cd27a439835caef864b
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: F252C531A087118BC7299F18D4507BAB3E1FFE5319F298A2DD98A97290D734EC51CBC6

Function 00208652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c12368b22f2f09eabb986e2c4ec2bca94c98f990454792b241830dc380f95bca
Instruction ID: bb5b40a499631524ab3cd716b842960db104f55064372e29b9bf332b39b37561
Opcode Fuzzy Hash: c12368b22f2f09eabb986e2c4ec2bca94c98f990454792b241830dc380f95bca
Instruction Fuzzy Hash: 7B22FD35618341DFC704EF68E89466AB7F1FF99315F09886DE98987392CB31D8A0CB42

Function 002086F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84211c34b6aac9cf57f564afc687f8c0e33805bceba4fd447aabad79ee7bf85d
Instruction ID: ffd7a06bd3b28f0ec1e0edb7b3c7984b6a81219e3b5150021c4e5441b3b36a33
Opcode Fuzzy Hash: 84211c34b6aac9cf57f564afc687f8c0e33805bceba4fd447aabad79ee7bf85d
Instruction Fuzzy Hash: 0822BD35618341DFC704EF68E89461ABBF1FB99305F19896DE9C987352C735D860CB42

Function 001CB3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9ee3b32ffa24a8c76befae6e0242cd37dbd5833f728f93f1f8a45e9f2cc4bf
Instruction ID: 9f721440cb48c6fc33e49fab2cd9555d8b220a6a6cf53b0632ce3d6e674e9e75
Opcode Fuzzy Hash: 4f9ee3b32ffa24a8c76befae6e0242cd37dbd5833f728f93f1f8a45e9f2cc4bf
Instruction Fuzzy Hash: 2D52C37090CB848FE735CB24C0C6BA7BBE2AFA5314F144D2DC5E686A82C779E885C755

Function 001C71F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41dd9f846a867d5d3bc6b0dc7197869b0d427f08fe80fe359bc2cfbe0ccadd68
Instruction ID: 7845b49cf6ee6048c4519695a646ea24a7624a89dfc10a7c2c1218ba572fc1f8
Opcode Fuzzy Hash: 41dd9f846a867d5d3bc6b0dc7197869b0d427f08fe80fe359bc2cfbe0ccadd68
Instruction Fuzzy Hash: B052B13150C3458FCB19CF29C090BAABBE1BF98314F198A6DE89957392D7B4D949CF81

Function 001C8FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45271619b808d30f1bb40760f40f0db83991e98e04c988694c159bb3d45e569e
Instruction ID: 5072507f7fae08b0329c4d564807c079a58ba0e7ddb7a17e0bc9d26805794894
Opcode Fuzzy Hash: 45271619b808d30f1bb40760f40f0db83991e98e04c988694c159bb3d45e569e
Instruction Fuzzy Hash: BC425975608341DFDB08CF28E858B6ABBE1BF88315F0A886DE49587392D735D985CF42

Function 001C7BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1094005aca78b2e1239eb8da418c02fb3a4de4e68574edb87bc72d714048ff45
Instruction ID: 1e88538af40cce0aacad38c37aebba53d50d8f9ef5a77d5518eb5e1ca2a694b7
Opcode Fuzzy Hash: 1094005aca78b2e1239eb8da418c02fb3a4de4e68574edb87bc72d714048ff45
Instruction Fuzzy Hash: FE322170514B118FC328CE29C5D0A2ABBF2BF65710B644A2ED6A787F90D776F845CB10

Function 002089A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06558bd170a353fa35d73a7a69ad18b64761633309fd8e79ec3dd65956d75e73
Instruction ID: 5fce63b857eae263e4e47b86bc2aa393dff04a752421388656d3e456f496b9e5
Opcode Fuzzy Hash: 06558bd170a353fa35d73a7a69ad18b64761633309fd8e79ec3dd65956d75e73
Instruction Fuzzy Hash: 8902BB34618341DFC704EF28E88461AFBE5EF9A305F19896DE8C987362C735D960CB92

Function 00208A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52f9d6968f495827408aa792635e4abb17ac145b4edda7226d35f340faf67fd6
Instruction ID: dfb41ac69c5e1c6fb8693c7ee12c74736498660693eff9a9534c40068e2c4f56
Opcode Fuzzy Hash: 52f9d6968f495827408aa792635e4abb17ac145b4edda7226d35f340faf67fd6
Instruction Fuzzy Hash: E0F1AB3161C341DFC704EF28E88461AFBE5EF9A305F19896DE8D987252C736D960CB92

Function 00208C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34be1e40ec9444d39abdf727813f76464b69881303efd57bfa799661ca047ed5
Instruction ID: 2f99a88865297c00d5ae1a98953138501d6f9bec8f840e19da87f67260a4de65
Opcode Fuzzy Hash: 34be1e40ec9444d39abdf727813f76464b69881303efd57bfa799661ca047ed5
Instruction Fuzzy Hash: 06E1C031618341CFC304EF28E88466AF7E6FB9A315F19896DE8D987392D735D950CB82

Function 001CA300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: 518c1a41cef024ffdbbec1de7837baad2f5ba9702933babb02ef17cca73a23cd
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: C9F1AD756083458FC725CF29C881B6BBBE2AFE8304F48882DE5C987751E735E945CB92

Function 00208E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68feef2c6a535de8157450fe69477b021110bac4dd4dfd99aa2dab2cbf7295f2
Instruction ID: 66e761e90d28414d9435d2f0b7ec751268a46bd1f1ce2e9de987a36c8c97e528
Opcode Fuzzy Hash: 68feef2c6a535de8157450fe69477b021110bac4dd4dfd99aa2dab2cbf7295f2
Instruction Fuzzy Hash: CBD1BD3061C341DFD304EF28E88462AFBF5EB9A305F59896DE4D987292C736D860CB52

Function 001D4487 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc0b191e8b5e5377e5748a653a7602e0ac4cfc6e63d9e67ea2ef88cb0c9366b1
Instruction ID: 00424a95f3ccfda3ca60700b93bb6cc6967e358e4f320fd76a0d63bd184e0cab
Opcode Fuzzy Hash: fc0b191e8b5e5377e5748a653a7602e0ac4cfc6e63d9e67ea2ef88cb0c9366b1
Instruction Fuzzy Hash: 0DE1E1B5501B008FD365CF28E9A6B97B7E1FF0A708F04886DE4AA87B52D735B814CB54

Function 00207AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 413620c0cb69c90a6a398cbb29bb2dc5e4a9a9566ab0b3f46cdade1a8fe9a3f0
Instruction ID: 3a29a4a254c1d1c744fc707525670b0724ee688276a78bf6c7c5e7911c54c313
Opcode Fuzzy Hash: 413620c0cb69c90a6a398cbb29bb2dc5e4a9a9566ab0b3f46cdade1a8fe9a3f0
Instruction Fuzzy Hash: ADB12472E183504BE314DE28CC45B6BB7E9ABD5314F08492DE999973C3EB31EC158B92

Function 001CAF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: e1cabb59fae3cbb2d712d1cdc4168d39aea1b79dc1b6e7c4c9c5beb03b09241b
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: F2C159B2A487418FC360CF68DC96BABB7E1BF85318F08492DD1D9C6242E778E155CB46

Function 001D6536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd8b32dc2476087d33fba479067ffffb8ba11d56271f238b0aae9b4e049c086c
Instruction ID: 86c238c2929c4215270908e29c27f850d785b205386afac6481f2660706d78c1
Opcode Fuzzy Hash: cd8b32dc2476087d33fba479067ffffb8ba11d56271f238b0aae9b4e049c086c
Instruction Fuzzy Hash: F8B100B4600B408FD321CF24D991B67BBF2AF56704F14885DE8AA8BB52E735F805CB95

Function 00207710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a99a799bf70e72d6b52443fd17c7fc47992b462e50811a8ea2ed1282546c7715
Instruction ID: d0838492e14cf4023bb62aa4049b12699d4b53a5ae5828e2604fc4dd393c0082
Opcode Fuzzy Hash: a99a799bf70e72d6b52443fd17c7fc47992b462e50811a8ea2ed1282546c7715
Instruction Fuzzy Hash: 75917E71A18301ABE720DF14DC45BABB7E5EB85354F54881CF984973D2E730E960CB92

Function 0020A0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00500bca98a6823be0f6c8eb879b61ddf48f0199fc45c76b30d999499751926d
Instruction ID: 43c6fa3cf8863173eb2b096cb159f615d153886e67c47e9098539e13fc666371
Opcode Fuzzy Hash: 00500bca98a6823be0f6c8eb879b61ddf48f0199fc45c76b30d999499751926d
Instruction Fuzzy Hash: 1D8182342187028FD724DF28D881A2EB7F5FF59740F85896CE98587292E731EC21CB92

Function 001F64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de0a673b77ba50390547536011c5ce4050c0f4d236451441c9badd5ad269989
Instruction ID: 84deb2278d2e102ea32dfc7524543dd2276afa3a522f6e13e70109e2bb8a904f
Opcode Fuzzy Hash: 7de0a673b77ba50390547536011c5ce4050c0f4d236451441c9badd5ad269989
Instruction Fuzzy Hash: 2371E433B29A944BC3189D7C5C863A5BA934BD6334B3EC379AAB4DB3F5D6294C064340

Function 001E28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3933141b926bb180d028a7be9e7b573fe30a55ffdd1700d557e0db4720c1dee2
Instruction ID: 7bdb6658f00675e17ef6086d7c8ac06e8e5c1a62cf5c8d79f91186f54affc54f
Opcode Fuzzy Hash: 3933141b926bb180d028a7be9e7b573fe30a55ffdd1700d557e0db4720c1dee2
Instruction Fuzzy Hash: D8617AB44083808BD310AF1AE861A2EB7F4EFA6750F18491CE4C58B261E379D911CB56

Function 001E7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4598c6d5249123c240ccb5dfac33d2f3d5200285b90fae1c034b2ce3b6d6c136
Instruction ID: fa538ebd03e03b83691aff9a1844a9e770f209129d07dff36d293d7db87ce8a7
Opcode Fuzzy Hash: 4598c6d5249123c240ccb5dfac33d2f3d5200285b90fae1c034b2ce3b6d6c136
Instruction Fuzzy Hash: 3C51E1B06086459BEB209B65CC82BBB73B8FF95358F144958F9898B2D1F371DC01C761

Function 001F1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: 69053e93b15fdf3e6f42cb0d23df789566ae1b09ed8b5798ff0b858f02e24225
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: F361CE31609349FBD718CE29C59033EBBE2BBC5390F69C92DE6898B255D3B0DD819781

Function 001F82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95d37c643b780414944d05f973fe3f646b21126077f3399d29c85f87b51048b9
Instruction ID: ddab33c92c9a2cce906d595085126872eac189a8fee34ab5fe05f0daeebaf8e6
Opcode Fuzzy Hash: 95d37c643b780414944d05f973fe3f646b21126077f3399d29c85f87b51048b9
Instruction Fuzzy Hash: EE613723B5AA954BC319453C5C593B6AA832BD2330F3FC3659AB58B3F5CF7988024341

Function 00332DAE Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4d9315c1cfcab01f97ec5e59b041868316219c3d8edc060a51d646c017279ab
Instruction ID: f14778d19984853ed63be18f5138d286fcd93b4d7756e57c1aa842174a29da3a
Opcode Fuzzy Hash: a4d9315c1cfcab01f97ec5e59b041868316219c3d8edc060a51d646c017279ab
Instruction Fuzzy Hash: D2613AF39082109BE7446E3CDD4677ABBE9EF54320F0B4A3DE6C5D3784E97889048686

Function 001D42FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 269726f799415e3edbbf834570b681a1646f41da6baf77b48287871521e3f7a9
Instruction ID: fa012dd9aaf59ad624bf72a70a08e27c45a18a865caa7d07108c1d0ec8482948
Opcode Fuzzy Hash: 269726f799415e3edbbf834570b681a1646f41da6baf77b48287871521e3f7a9
Instruction Fuzzy Hash: D581C1B4810B00AFD360EF39D947757BEF4AB16201F404A2DE4EA96695E730A459CBE3

Function 00400444 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ec71c0c8853dad487ab5a349328fcbdf3f02e3ee244a8d300538e509274dc2
Instruction ID: 732f6904f4c323ff7f6e851a5c2b8eff1f8ff9fdf37f0078cf284d80c6945d8c
Opcode Fuzzy Hash: e3ec71c0c8853dad487ab5a349328fcbdf3f02e3ee244a8d300538e509274dc2
Instruction Fuzzy Hash: DF510BF251C604AFE304AF29EC8577AF7E5EF84710F15893EE6C583780E6781845869B

Function 001FE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: 3abf8d3d25e8e86b65030d21cc5cc93da3d9f219029b392100924938b024a233
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: A2515BB15083548FE314DF69D49436BBBE1BBC5318F044A2DE5E983391E379D6088F82

Function 00207520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee950b9f26ab5f55a88dbb7f2edf5cb717e1195a0fb4dd2e5acd09fd15751da2
Instruction ID: 83a9d989adbc772688fa355ab6fd52a5e4918e6ceab19f285df2ae9e19ec3757
Opcode Fuzzy Hash: ee950b9f26ab5f55a88dbb7f2edf5cb717e1195a0fb4dd2e5acd09fd15751da2
Instruction Fuzzy Hash: FA510531A2C7109BC7159E18DC90B2EF7E6EB85354F688A2CE8D5573D2C632EC218B91

Function 001C5A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 179d768e2aff3c21e50e2fbdadfdd821366f5ea58d78881cb3161a0cd1260367
Instruction ID: 406b3664c3a6c4b41d03eb8aa03d61e7e4a73cb10e80afacd0dbb7859e2532f0
Opcode Fuzzy Hash: 179d768e2aff3c21e50e2fbdadfdd821366f5ea58d78881cb3161a0cd1260367
Instruction Fuzzy Hash: 5751B0B1A047049FC714DF18C891F26B7A6FFA5364F15466CE89A8B352D731EC82CB92

Function 0029B6D9 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba33fd9f6f7237895c3961972300de2711afdec88c8abc9e88e0382d9a75cf3
Instruction ID: 58d05e7e7c32c8d5d9346ae2cfbc60380d567660afe80a8a8742457fa3c6ee49
Opcode Fuzzy Hash: 3ba33fd9f6f7237895c3961972300de2711afdec88c8abc9e88e0382d9a75cf3
Instruction Fuzzy Hash: 1D41E8F364C2048FE314AE29EC8577AB7D9EF94320F15853DEAC4C3780EA7998458756

Function 001EEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88bc016122bba6fe046e4f11cbcd0934974ba1b617014cabf307cdeddcd02d10
Instruction ID: ad3224d448d56b91f1fa96d3a6e71d3a470e7e2ef9206b8a8de6bab8c729b60e
Opcode Fuzzy Hash: 88bc016122bba6fe046e4f11cbcd0934974ba1b617014cabf307cdeddcd02d10
Instruction Fuzzy Hash: 0241CE7890075ADBDF208F95DC91BADB7B0FF1A300F144548E945AB3A1EB38A960CB91

Function 00209B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb76f6b77c96f461821d9909b7488eac4f5f17ec39ce3fab4f8d10919e4b6801
Instruction ID: 9109f024ba18784c23b6195c68ae4c31102b52b986096d9b3f2a705b4c7f4ee7
Opcode Fuzzy Hash: fb76f6b77c96f461821d9909b7488eac4f5f17ec39ce3fab4f8d10919e4b6801
Instruction Fuzzy Hash: 0A41AF34618301ABE710DF14D990B2BF7F6EB99714F54882DF58A87293C331E861CB62

Function 001D2030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a8798a05b6c2486bde992d811814e833f5a3533acc020d16677e5924d88fb2f
Instruction ID: 372a409ed676ee595d93643995597cbf62be6651ed9f0f7e43f86df95bb11332
Opcode Fuzzy Hash: 3a8798a05b6c2486bde992d811814e833f5a3533acc020d16677e5924d88fb2f
Instruction Fuzzy Hash: 8141F572A083654FD35CCF2984A063ABBE2ABD5300F19C62EF4E6873D1DBB48945D781

Function 001D1E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1966c12706587b5bd191a55c0d95c9c5a566214d24dbd0073283077fc71f0a1
Instruction ID: 05ea6f1da4cc74997d2106db266e6efc6861570917868f5cf4cc4fb632aecb52
Opcode Fuzzy Hash: d1966c12706587b5bd191a55c0d95c9c5a566214d24dbd0073283077fc71f0a1
Instruction Fuzzy Hash: FE410F7450C380ABC320AB58D888B2EFBF5FB96744F14491DF6D497392C37AE8148B66

Function 00208D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeabff2fb6dc5d36fa0f590aa9afdfcfe0c500b3cd001bb7bc6a4c1a854bd8a4
Instruction ID: de3f2ed91c40c6feb38ad7c45cfed3592ccd6409c41893e297fea337c043fb7b
Opcode Fuzzy Hash: eeabff2fb6dc5d36fa0f590aa9afdfcfe0c500b3cd001bb7bc6a4c1a854bd8a4
Instruction Fuzzy Hash: 2241CE316183518FD704EF68C49062FFBE6AF9A300F098A2ED4D5972A2DB74DD158B82

Function 001DD961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43b0149e7048e41bcccbd9bb2c8c72443883699f04e0240634464dcef9c05d97
Instruction ID: 40705a5ada6baf2ce86a5bd5affb990747326c3bb783b4c04742d5607011b5a0
Opcode Fuzzy Hash: 43b0149e7048e41bcccbd9bb2c8c72443883699f04e0240634464dcef9c05d97
Instruction Fuzzy Hash: 3B41BCB56483818BD3309F14D885BABB7B0FFA6364F04495DE48A8B792E7758841CB93

Function 00368297 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3896ec4bdf8c023e919fe9f6ead863b4d16579d923c9a8079e40f681fd647895
Instruction ID: c2994916cf7a25bf2202f3ec56891c875266de2fa739b9ea66121f547cd82f7b
Opcode Fuzzy Hash: 3896ec4bdf8c023e919fe9f6ead863b4d16579d923c9a8079e40f681fd647895
Instruction Fuzzy Hash: DD3145B764C3084FE305EE6AECC4766B7D7EB84310F1AC23C9A8487784EA79680642C5

Function 00417B09 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25d636af433e6daa36f7fa2bc21413ffe89eef9e60f814d9ed006ad04dda116d
Instruction ID: 137ff5cd0bbc979a8f91f53ca202ba3b6ad5fe9bfd5bedab4cafa391bf67cdc8
Opcode Fuzzy Hash: 25d636af433e6daa36f7fa2bc21413ffe89eef9e60f814d9ed006ad04dda116d
Instruction Fuzzy Hash: 4B31AFF250C700AFD305BF29DC4566AFBEAEF98720F12891DE6C483714EA3194408A47

Function 001FF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: af73bce9e73e26713e3cff1877a09b93783ddbbb42a7fae2f3a46f0c18671aef
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: BE2137329082284BC3249B19C48063BF7E5EF99704F06863EEAC4A7295E7759C25C7E1

Function 002067EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd758f4a9f35400b5a7d672fb51631692f64bc6a2b2cc929560f2ebfa800de09
Instruction ID: c1be22a251f0c1d73af99d3e4a9f370c85b831c8e0fdc650240e5bf65ee389e3
Opcode Fuzzy Hash: fd758f4a9f35400b5a7d672fb51631692f64bc6a2b2cc929560f2ebfa800de09
Instruction Fuzzy Hash: 423136705183829AE714CF14C49462FBBF0EF96384F54980CF4C8AB2A2D334D999CB9A

Function 001E5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 438f7c7cdf60b3d67dcd9e68e185bd26ea4a2366f9c276bbf59ccddba2681a14
Instruction ID: 62fe05b289e57673fcfdbbee838c4719fe76b48318750f0778cd35c813133bbe
Opcode Fuzzy Hash: 438f7c7cdf60b3d67dcd9e68e185bd26ea4a2366f9c276bbf59ccddba2681a14
Instruction Fuzzy Hash: F7219F75508A419BC310AF29C85196FF7F5EF92768F488908F4D99B292E334C900DBA2

Function 001C49A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 38170074111a65c748df5d0ef8fbfb0ab129def600bebb06620d4695258bfa9f
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 7C31E33164C2109BD7149E58D8A1F2BB7E1EFA8359F18892CE89B8B241D331DC42CB86

Function 002064B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73ac3ecb4549ff96c937fde0dcb0f5090359c64454b728bfc753e186894df05d
Instruction ID: 32919a6f7ae1ad686692cd7c652dec7845ae036df74143bda7614805defcfe53
Opcode Fuzzy Hash: 73ac3ecb4549ff96c937fde0dcb0f5090359c64454b728bfc753e186894df05d
Instruction Fuzzy Hash: 9421697052C301DBD714EF19E488A2EFBF6EB95740F18881CE4C4932A2C731A861CB62

Function 001FB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: adba646953f0638bcd44d056db030fd660b8fac060b022e4b761b6ca2b611e60
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 6A11E933A091DD0EC3168D3CC8905B5BFA31AA7234B594399F4B5DB2D2D7228D8A8354

Function 001F0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: aad3cadd1624b0b707d05ab24f31930cfd6e36a2ffcf0f3036813e020e762207
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 7001D4F9A0030647E721DE5598D1B3BB2A86FA8718F08452CEA0A47303EB72EC06C6D1

Function 001ED1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be13a53bccc3f28c45a5bfb4fcae90c6bc563df1a364e516a02f3761f1b6f13d
Instruction ID: 36f88321f9d38ef7879d5a4a486019425da707fddebbc2ded7ae3a2943952877
Opcode Fuzzy Hash: be13a53bccc3f28c45a5bfb4fcae90c6bc563df1a364e516a02f3761f1b6f13d
Instruction Fuzzy Hash: 5A11ECB0418380AFD310AF619494A2FFBE5EBA6754F148C0DF6A49B251C37AE819CF56

Function 001C6EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602a15230a905ab18e5b9c5475648fd230f7d49c2c0bcf097a7917bd34a5396d
Instruction ID: e27ba95b5337d0fa505d21c2acd8e22d3ea086bf990e414ee574608184e56a7a
Opcode Fuzzy Hash: 602a15230a905ab18e5b9c5475648fd230f7d49c2c0bcf097a7917bd34a5396d
Instruction Fuzzy Hash: 2CF0B43A71921A0FA221CDAAA8C4D3BB396D7E9355B15553DEA41D3201DEB2E8069190

Function 001FB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 001DC5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 001DB410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 8a8633f94b782b9e99e91a9977ebe5e6299f47231a7d988e3ba97a0326a39aa4
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: 1BF0A7B160851097DB22CA549CC0B3BBBDCCB96354F1A0427E84757703D3616845C3E5

Function 001F8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca20ef4728f1f9adcba5b6db34f9d367e8926152f6318f383f0b6c685f35a85
Instruction ID: 2450dcdb828e6b99cc1c3899971ad3d2372b1f5104a1225e3bccc2ed9cef7867
Opcode Fuzzy Hash: dca20ef4728f1f9adcba5b6db34f9d367e8926152f6318f383f0b6c685f35a85
Instruction Fuzzy Hash: F601E4B04107009FD360EF29C445757BBE8EB08714F104A1DE8AECB691D770A5548B82

Function 00201440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: fc2432cc702fa710257fbcf3bc600a712e8bd92052ef83d19c14ed6bf9e5e301
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: 5CD0A73160832246DF748E19A400977F7F0EAC7B11F49955EF586E3199D230DC51C2A9

Function 001D1ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbff53defe307589a7ba04a3b1ee0154cb9b7f0c3bd4dccabce3bd329b870a37
Instruction ID: c25904baf800a3d10d1dc4798270d1307c64baf3307e4ac31a3cd4ffb7f18c7f
Opcode Fuzzy Hash: dbff53defe307589a7ba04a3b1ee0154cb9b7f0c3bd4dccabce3bd329b870a37
Instruction Fuzzy Hash: C5C08C34A982009BC288DF00FDDD572B3B8A307308700B03AEF03F3B62CB20E4028909

Function 00206094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cab30652dde499c718a331f7b39d37147d7b7a870b2c4ba7cbeab9060a7098c
Instruction ID: 4cc1e67ce5fdd3b1463d63d1dcdcb0772756ac41961beee3a543c8cfb5822ba4
Opcode Fuzzy Hash: 3cab30652dde499c718a331f7b39d37147d7b7a870b2c4ba7cbeab9060a7098c
Instruction Fuzzy Hash: E5C04C3466C100869608CE04A9554B5E2A79AB7668624F019C80723696D528D612991C

Function 001D1A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 545dbe55ae6d02cc439d1dd041de588f5b1800eeda2902ae191ab9a7925a346a
Instruction ID: d75c25a3c7292c5cbee878b928bf8dc60e62b49fc2c971b5aa638d0db14ad590
Opcode Fuzzy Hash: 545dbe55ae6d02cc439d1dd041de588f5b1800eeda2902ae191ab9a7925a346a
Instruction Fuzzy Hash: C6C04C25A991409BC298CE85B9D5531B2A85306208710303A9B02F7662C660D4058509

Function 00205FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1329789970.00000000001C1000.00000040.00000001.01000000.00000004.sdmp, Offset: 001C0000, based on PE: true

Associated: 00000006.00000002.1329769003.00000000001C0000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329917760.0000000000220000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1329943234.000000000022C000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330643968.0000000000377000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330905304.0000000000379000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1330967330.0000000000393000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331086773.0000000000397000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.0000000000398000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331136181.000000000039E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1331385498.00000000003A9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333462682.00000000003AA000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333652650.00000000003AB000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333686476.00000000003AC000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333802205.00000000003BA000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333816012.00000000003BB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333832996.00000000003BC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333845958.00000000003BD000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333898479.00000000003D1000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1333919352.00000000003D4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1334119092.00000000003D5000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336810672.00000000003E5000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336838987.00000000003F9000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336856144.00000000003FB000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1336873723.00000000003FC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337371809.0000000000401000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1337561521.0000000000409000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338086771.000000000040E000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1338588176.0000000000421000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339264566.0000000000424000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339459245.0000000000425000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339505069.0000000000429000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339529698.000000000042A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339800359.000000000042C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339817844.0000000000433000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339836711.0000000000435000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339860071.000000000043D000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339884426.000000000043F000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339904473.000000000044B000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339920681.000000000044C000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339941955.000000000045A000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.0000000000460000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1339961541.000000000047D000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340029510.00000000004AC000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340051645.00000000004AE000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004AF000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340077484.00000000004B4000.00000080.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340121651.00000000004C4000.00000040.00000001.01000000.00000004.sdmpDownload File
Associated: 00000006.00000002.1340141782.00000000004C5000.00000080.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_1c0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9f54944ec750cd3746d322ec09769d74edb7f9a257d368b4f989825f8c6b21
Instruction ID: 899f539000b857daf2052e7f83d90556988b2021ec83d32c23d8aa090661178c
Opcode Fuzzy Hash: 9f9f54944ec750cd3746d322ec09769d74edb7f9a257d368b4f989825f8c6b21
Instruction Fuzzy Hash: E8C09B2476C00047964CCF14ED55575F2F79BB752C714F01DC80773255E534D611850C

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
file.exe

Function 001CFCA0 Relevance: 6.6, Strings: 5, Instructions: 373
COMMON

Function 001FF620 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 461
COMMON

Function 001CD110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 00205700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 00205BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 001D2F94 Relevance: 15.9, APIs: 1, Strings: 9, Instructions: 862
COMMON

Function 00203220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 001FF54B Relevance: 1.6, APIs: 1, Instructions: 52
memoryCOMMON

Function 001FF5FC Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Function 001D2F6F Relevance: 1.5, APIs: 1, Instructions: 13
COMMON