Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538049
MD5:	8807c90712633e029ebf474483d8e5dd
SHA1:	4ee5ca2e42c4f22d953ef62574e8cddf3237c3e9
SHA256:	41fc1dac9a82abe35fdcf4a94e429c2a04aca4e9282cebeb792b1ab32f5f408b
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 2564 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8807C90712633E029EBF474483D8E5DD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["spirittunek.store", "licendfilteo.site", "mobbipenju.store", "clearancek.site", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store", "eaglepawnoy.store"], "Build id": "mih--"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:39.867487+0200	2054653	1	A Network Trojan was detected	192.168.2.8	49705	172.67.206.204	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:39.867487+0200	2049836	1	A Network Trojan was detected	192.168.2.8	49705	172.67.206.204	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.588650+0200	2056477	1	Domain Observed Used for C2 Detected	192.168.2.8	54582	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.530709+0200	2056471	1	Domain Observed Used for C2 Detected	192.168.2.8	56680	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.566571+0200	2056481	1	Domain Observed Used for C2 Detected	192.168.2.8	63219	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.555333+0200	2056483	1	Domain Observed Used for C2 Detected	192.168.2.8	49838	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.613452+0200	2056473	1	Domain Observed Used for C2 Detected	192.168.2.8	58501	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.544145+0200	2056485	1	Domain Observed Used for C2 Detected	192.168.2.8	54877	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.602429+0200	2056475	1	Domain Observed Used for C2 Detected	192.168.2.8	64129	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:36.577823+0200	2056479	1	Domain Observed Used for C2 Detected	192.168.2.8	57198	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-20T05:39:38.480523+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.8	49704	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900/badges

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.2564.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["spirittunek.store", "licendfilteo.site", "mobbipenju.store", "clearancek.site", "studennotediw.store", "bathdoomgaz.store", "dissapoiznw.store", "eaglepawnoy.store"], "Build id": "mih--"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.8:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0048D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_0048D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_004C63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004C5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_004C695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_004C99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_0048FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00490EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_004C4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00481000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00496F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_004BF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_004C6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_004AD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_004A2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_004A2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_004942FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_0048A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_004C1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0049D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_004AC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_004AE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_0049B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_004C64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_004A9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_004C7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00496536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00488590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_004BB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_004AE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_004C7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_004C67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_004AD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_004A28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_0049D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_004C3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_004849A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_004C4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00485A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00491A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00491ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_0049DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_0049DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_004C9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00491BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00493BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_004B0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_004AEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_004A7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_004BFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_004ACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004ACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_004ACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004C9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_004C9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_004AAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_004AAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_004AFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_004ADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004C8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_004AAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_004A7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004A5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00494E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00491E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00486EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00496EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_0048BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_004A9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004BFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_004C7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_004C7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_0049FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00488FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_004C5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00496F91

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.8:56680 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.8:58501 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.8:57198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.8:49838 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.8:63219 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.8:54877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.8:64129 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.8:54582 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.8:49704 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.8:49705 -> 172.67.206.204:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.8:49705 -> 172.67.206.204:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: studennotediw.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: eaglepawnoy.store

Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View	IP Address: 172.67.206.204 172.67.206.204

Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: file.exe, 00000000.00000003.1502940880.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=fb6c9d6772d4d37dd051b81e; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34508Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 20 Oct 2024 03:39:38 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control% equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.1537141593.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1537141593.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1537092285.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516599759.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1503080236.0000000000802000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502940880.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1537092285.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516599759.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/K
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.1502940880.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1537092285.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516599759.0000000000802000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1502940880.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502940880.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1502940880.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7
Source: file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.8:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.8:49705 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00490228	0_2_00490228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4040	0_2_004C4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481000	0_2_00481000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058C03E	0_2_0058C03E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492030	0_2_00492030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA0D0	0_2_004CA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00485160	0_2_00485160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004871F0	0_2_004871F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E1A0	0_2_0048E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B82D0	0_2_004B82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B12D0	0_2_004B12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004812F7	0_2_004812F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A300	0_2_0048A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B23E0	0_2_004B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048B3A0	0_2_0048B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC470	0_2_004AC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005734F6	0_2_005734F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B64F0	0_2_004B64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494487	0_2_00494487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049049B	0_2_0049049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481569	0_2_00481569
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C5F0	0_2_0049C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488590	0_2_00488590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004835B0	0_2_004835B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8652	0_2_004C8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF620	0_2_004BF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C86F0	0_2_004C86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A850	0_2_0048A850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B1860	0_2_004B1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF87A	0_2_004EF87A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064A8ED	0_2_0064A8ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB8C0	0_2_004BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005678CF	0_2_005678CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AF8C7	0_2_005AF8C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005838E6	0_2_005838E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064F8B3	0_2_0064F8B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BE8A0	0_2_004BE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005FC8AF	0_2_005FC8AF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006569ED	0_2_006569ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063D9C5	0_2_0063D9C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A098B	0_2_004A098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065498D	0_2_0065498D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C89A0	0_2_004C89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4A40	0_2_004C4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A1A6F	0_2_005A1A6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8A80	0_2_004C8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00646A84	0_2_00646A84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C7AB0	0_2_004C7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049DB6F	0_2_0049DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00487BF0	0_2_00487BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8C02	0_2_004C8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ACCD0	0_2_004ACCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064DC8B	0_2_0064DC8B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6CBF	0_2_004C6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8D62	0_2_004A8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AFD10	0_2_004AFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ADD29	0_2_004ADD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AAE57	0_2_004AAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00652E47	0_2_00652E47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8E70	0_2_004C8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494E2A	0_2_00494E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00657ED5	0_2_00657ED5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496EBF	0_2_00496EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048BEB0	0_2_0048BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048AF10	0_2_0048AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C7FC0	0_2_004C7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488FD0	0_2_00488FD0

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0049D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0048CAA0 appears 48 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9995745668316832

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004B8220 CoCreateInstance,

0_2_004B8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2954240 > 1048576

Source: file.exe

Static PE information: Raw size of vftajktf is bigger than: 0x100000 < 0x2a7e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.480000.0.unpack :EW;.rsrc :W;.idata :W;vftajktf:EW;qbhsvnkl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;vftajktf:EW;qbhsvnkl:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x2dd71d should be: 0x2d2512

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: vftajktf
Source: file.exe	Static PE information: section name: qbhsvnkl
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058C03E push 073BCDD3h; mov dword ptr [esp], ecx	0_2_0058C0BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058C03E push ecx; mov dword ptr [esp], edi	0_2_0058C19C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0058C03E push 6B38F0E0h; mov dword ptr [esp], edx	0_2_0058C1FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0071D00C push 16165472h; mov dword ptr [esp], eax	0_2_0071D06B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005390D1 push ecx; mov dword ptr [esp], ebx	0_2_0053913A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005390D1 push edx; mov dword ptr [esp], eax	0_2_0053914A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005390D1 push ebx; mov dword ptr [esp], ebp	0_2_0053925D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006290F4 push ebp; mov dword ptr [esp], edx	0_2_00629130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006290F4 push 5C93F3A8h; mov dword ptr [esp], eax	0_2_00629175
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006290F4 push ecx; mov dword ptr [esp], 6973B758h	0_2_006292BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B60FC push edx; mov dword ptr [esp], edi	0_2_006B6100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B60FC push edx; mov dword ptr [esp], edi	0_2_006B63AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D70D9 push 0D196300h; mov dword ptr [esp], ebp	0_2_006D715B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E30BA push edi; mov dword ptr [esp], 46323415h	0_2_004E43EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E30BA push eax; mov dword ptr [esp], esi	0_2_004E550D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E81FB push eax; mov dword ptr [esp], 05F7F219h	0_2_004E90A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006B3269 push edi; mov dword ptr [esp], 1B8E0591h	0_2_006B3286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072426C push eax; mov dword ptr [esp], edx	0_2_00724276
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0072426C push edi; mov dword ptr [esp], eax	0_2_0072428A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0073725F push 56AB24F4h; mov dword ptr [esp], ebx	0_2_007372B6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006BE254 push edi; mov dword ptr [esp], 16E58F24h	0_2_006BE273
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006BE254 push eax; mov dword ptr [esp], esp	0_2_006BE2F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006BE254 push edi; mov dword ptr [esp], edx	0_2_006BE311
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CF23B push edx; ret	0_2_004CF24B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007042D2 push edx; mov dword ptr [esp], ebp	0_2_007042E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007042D2 push edx; mov dword ptr [esp], 53CFB338h	0_2_0070431C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0075A37E push 1578E990h; mov dword ptr [esp], esp	0_2_0075A3E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00772383 push ebp; mov dword ptr [esp], edi	0_2_007722DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00772383 push ebp; mov dword ptr [esp], esi	0_2_0077239D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_007274FD push ebp; mov dword ptr [esp], eax	0_2_00727993
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006D64F1 push ecx; mov dword ptr [esp], 43378358h	0_2_006D6524

Source: file.exe

Static PE information: section name: entropy: 7.977450140927688

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E42FE second address: 4E4308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F7EF47D6516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64F33D second address: 64F379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edi 0x0000000b pop edi 0x0000000c jnl 00007F7EF4CDC566h 0x00000012 popad 0x00000013 jmp 00007F7EF4CDC56Fh 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F7EF4CDC577h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64F379 second address: 64F37E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EEEE second address: 65EF08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC576h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF08 second address: 65EF0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF5A second address: 65EF5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF5E second address: 65EF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F7EF47D6518h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7EF47D651Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF7B second address: 65EFDD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 call 00007F7EF4CDC576h 0x0000000e sub cx, 8C00h 0x00000013 pop edi 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F7EF4CDC568h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 jnc 00007F7EF4CDC568h 0x00000036 push B341B1A1h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F7EF4CDC56Ah 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EFDD second address: 65EFE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EFE1 second address: 65EFE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EFE7 second address: 65F0B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6526h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 4CBE4EDFh 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F7EF47D6518h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D2D82h] 0x00000030 push 00000003h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F7EF47D6518h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 0000001Dh 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c push 00000000h 0x0000004e mov dh, bh 0x00000050 push 00000003h 0x00000052 mov esi, dword ptr [ebp+122D2CCAh] 0x00000058 call 00007F7EF47D6519h 0x0000005d jnl 00007F7EF47D652Bh 0x00000063 push eax 0x00000064 jng 00007F7EF47D6525h 0x0000006a jmp 00007F7EF47D651Fh 0x0000006f mov eax, dword ptr [esp+04h] 0x00000073 jmp 00007F7EF47D6522h 0x00000078 mov eax, dword ptr [eax] 0x0000007a pushad 0x0000007b push eax 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0B4 second address: 65F0CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 js 00007F7EF4CDC566h 0x0000000c pop eax 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0CC second address: 65F0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0D0 second address: 65F0D6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0D6 second address: 65F0DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0DB second address: 65F11D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7EF4CDC566h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop eax 0x0000000e call 00007F7EF4CDC578h 0x00000013 push edi 0x00000014 jc 00007F7EF4CDC566h 0x0000001a pop ecx 0x0000001b pop ecx 0x0000001c lea ebx, dword ptr [ebp+1244EDA1h] 0x00000022 mov dword ptr [ebp+122D1C0Dh], eax 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F11D second address: 65F121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F121 second address: 65F127 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F127 second address: 65F12C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F190 second address: 65F203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC573h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F7EF4CDC568h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7EF4CDC568h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000015h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov ecx, dword ptr [ebp+122D2BD6h] 0x00000048 push F68A5C88h 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F7EF4CDC570h 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F203 second address: 65F2B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7EF47D6523h 0x00000008 jg 00007F7EF47D6516h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 add dword ptr [esp], 0975A3F8h 0x00000018 call 00007F7EF47D6524h 0x0000001d mov cx, D4AAh 0x00000021 pop esi 0x00000022 push 00000003h 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ecx 0x00000029 call 00007F7EF47D6518h 0x0000002e pop ecx 0x0000002f mov dword ptr [esp+04h], ecx 0x00000033 add dword ptr [esp+04h], 0000001Bh 0x0000003b inc ecx 0x0000003c push ecx 0x0000003d ret 0x0000003e pop ecx 0x0000003f ret 0x00000040 mov dword ptr [ebp+122D1D83h], eax 0x00000046 stc 0x00000047 push 00000003h 0x00000049 cld 0x0000004a call 00007F7EF47D6519h 0x0000004f push edi 0x00000050 jg 00007F7EF47D652Ch 0x00000056 pop edi 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F7EF47D6525h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F2B2 second address: 65F2B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F2B7 second address: 65F340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jmp 00007F7EF47D6525h 0x00000011 jmp 00007F7EF47D6520h 0x00000016 popad 0x00000017 mov eax, dword ptr [eax] 0x00000019 jne 00007F7EF47D6520h 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jnl 00007F7EF47D651Eh 0x00000029 pop eax 0x0000002a xor esi, dword ptr [ebp+122D2E92h] 0x00000030 mov edx, dword ptr [ebp+122D2EA2h] 0x00000036 lea ebx, dword ptr [ebp+1244EDAAh] 0x0000003c jnp 00007F7EF47D651Eh 0x00000042 js 00007F7EF47D6518h 0x00000048 mov esi, edx 0x0000004a push eax 0x0000004b pushad 0x0000004c jnc 00007F7EF47D651Ch 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F340 second address: 65F344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3C6 second address: 65F3D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D651Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3D4 second address: 65F3DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7EF4CDC566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3DE second address: 65F3E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F3E2 second address: 65F426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 add dword ptr [ebp+122D381Eh], edx 0x0000000f mov edi, dword ptr [ebp+122D209Ch] 0x00000015 push 00000000h 0x00000017 call 00007F7EF4CDC578h 0x0000001c add esi, dword ptr [ebp+122D2C22h] 0x00000022 pop edi 0x00000023 call 00007F7EF4CDC569h 0x00000028 push ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F426 second address: 65F42A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F42A second address: 65F45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F7EF4CDC573h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push ecx 0x00000012 jg 00007F7EF4CDC56Ch 0x00000018 pop ecx 0x00000019 mov eax, dword ptr [eax] 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F45E second address: 65F462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F462 second address: 65F4FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jmp 00007F7EF4CDC577h 0x00000010 pop eax 0x00000011 mov ecx, dword ptr [ebp+122D2E62h] 0x00000017 sub cl, 0000004Ch 0x0000001a push 00000003h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f call 00007F7EF4CDC568h 0x00000024 pop edx 0x00000025 mov dword ptr [esp+04h], edx 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc edx 0x00000032 push edx 0x00000033 ret 0x00000034 pop edx 0x00000035 ret 0x00000036 cmc 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push edi 0x0000003c call 00007F7EF4CDC568h 0x00000041 pop edi 0x00000042 mov dword ptr [esp+04h], edi 0x00000046 add dword ptr [esp+04h], 00000014h 0x0000004e inc edi 0x0000004f push edi 0x00000050 ret 0x00000051 pop edi 0x00000052 ret 0x00000053 push edx 0x00000054 mov dword ptr [ebp+122D1DAAh], ecx 0x0000005a pop esi 0x0000005b push 00000003h 0x0000005d jmp 00007F7EF4CDC572h 0x00000062 push E70FC283h 0x00000067 push esi 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007F7EF4CDC56Eh 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F4FD second address: 65F539 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 xor dword ptr [esp], 270FC283h 0x0000000e sub ecx, 7FD35103h 0x00000014 lea ebx, dword ptr [ebp+1244EDB5h] 0x0000001a mov edi, dword ptr [ebp+122D1DCCh] 0x00000020 xchg eax, ebx 0x00000021 jmp 00007F7EF47D6525h 0x00000026 push eax 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F539 second address: 65F53D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670F1C second address: 670F35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670F35 second address: 670F3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F7EF4CDC566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670F3F second address: 670F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6808FA second address: 680900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 680900 second address: 680920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF47D6523h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 680920 second address: 680925 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 680925 second address: 680941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jng 00007F7EF47D6516h 0x0000000c jmp 00007F7EF47D651Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E911 second address: 67E92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7EF4CDC56Eh 0x0000000c jne 00007F7EF4CDC566h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E92C second address: 67E953 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7EF47D651Eh 0x0000000b jne 00007F7EF47D651Eh 0x00000011 pushad 0x00000012 popad 0x00000013 jng 00007F7EF47D6516h 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67E953 second address: 67E959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EC0F second address: 67EC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7EF47D6516h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7EF47D6529h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EEC9 second address: 67EEE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC56Ch 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 je 00007F7EF4CDC566h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EEE6 second address: 67EEF2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jl 00007F7EF47D6516h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F333 second address: 67F337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F337 second address: 67F33D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F49D second address: 67F4A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F924 second address: 67F92E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7EF47D6516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D776 second address: 64D790 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7EF4CDC566h 0x00000008 jmp 00007F7EF4CDC56Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D790 second address: 64D796 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D796 second address: 64D79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D79A second address: 64D7BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6527h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D7BC second address: 64D7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D7C2 second address: 64D7C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D7C6 second address: 64D7CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64D7CC second address: 64D7D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68048D second address: 680493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68076B second address: 68077F instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7EF47D651Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68077F second address: 680785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68688C second address: 6868A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F7EF47D651Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6868A1 second address: 6868A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6876D6 second address: 6876F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6876F6 second address: 687713 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC579h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687713 second address: 687718 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689029 second address: 68902D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64BC83 second address: 64BC9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64BC9E second address: 64BCBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC571h 0x00000007 jnl 00007F7EF4CDC566h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68BA6C second address: 68BA82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7EF47D651Bh 0x0000000b push edi 0x0000000c pop edi 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68E19C second address: 68E1A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68E1A0 second address: 68E1C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7EF47D6525h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68E1C3 second address: 68E1C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68E1C9 second address: 68E1CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68EEC2 second address: 68EED6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7EF4CDC56Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F122 second address: 68F131 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D651Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F263 second address: 68F267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F740 second address: 68F74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7EF47D6516h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F74B second address: 68F755 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7EF4CDC56Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F755 second address: 68F765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F7EF47D6516h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F765 second address: 68F780 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7EF4CDC573h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F780 second address: 68F784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68F784 second address: 68F80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F7EF4CDC568h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 push edx 0x00000023 mov edi, 4629D5D6h 0x00000028 pop esi 0x00000029 mov edi, dword ptr [ebp+122D2E06h] 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007F7EF4CDC568h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b mov edi, dword ptr [ebp+122D2D0Eh] 0x00000051 push 00000000h 0x00000053 xchg eax, ebx 0x00000054 jp 00007F7EF4CDC570h 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007F7EF4CDC56Eh 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 690117 second address: 69011C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6911E8 second address: 6911F2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 690A17 second address: 690A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6911F2 second address: 6911FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F7EF4CDC566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 691CBE second address: 691CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6931EC second address: 6931F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693BCB second address: 693BD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F7EF47D6516h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E82 second address: 693E8C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693BD6 second address: 693BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jns 00007F7EF47D6536h 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F7EF47D6516h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693E8C second address: 693EE6 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7EF4CDC568h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b adc edi, 14DD77B1h 0x00000011 jmp 00007F7EF4CDC577h 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D39B3h] 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ecx 0x00000023 call 00007F7EF4CDC568h 0x00000028 pop ecx 0x00000029 mov dword ptr [esp+04h], ecx 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc ecx 0x00000036 push ecx 0x00000037 ret 0x00000038 pop ecx 0x00000039 ret 0x0000003a push eax 0x0000003b push ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 693EE6 second address: 693EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6990AD second address: 6990B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 695177 second address: 69517D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69C11F second address: 69C14A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7EF4CDC57Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jnp 00007F7EF4CDC566h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6992E3 second address: 6992E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D03A second address: 69D0C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC578h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7EF4CDC571h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F7EF4CDC568h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a xor dword ptr [ebp+122D1F9Bh], esi 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push ecx 0x00000035 call 00007F7EF4CDC568h 0x0000003a pop ecx 0x0000003b mov dword ptr [esp+04h], ecx 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc ecx 0x00000048 push ecx 0x00000049 ret 0x0000004a pop ecx 0x0000004b ret 0x0000004c movzx ebx, cx 0x0000004f push 00000000h 0x00000051 or di, BFF7h 0x00000056 push eax 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a push ecx 0x0000005b pop ecx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69B281 second address: 69B2A3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7EF47D6518h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e je 00007F7EF47D6516h 0x00000014 jmp 00007F7EF47D651Bh 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6992E7 second address: 69930A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7EF4CDC575h 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D0C6 second address: 69D0CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69930A second address: 699315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7EF4CDC566h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D291 second address: 69D295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69D295 second address: 69D2AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC572h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69EF6D second address: 69EFE2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F7EF47D6518h 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 jmp 00007F7EF47D651Fh 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F7EF47D6518h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov ebx, edi 0x00000035 movsx edi, di 0x00000038 push 00000000h 0x0000003a sub dword ptr [ebp+12451462h], edx 0x00000040 movzx edi, cx 0x00000043 push 00000000h 0x00000045 jns 00007F7EF47D6518h 0x0000004b xchg eax, esi 0x0000004c push eax 0x0000004d push edx 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69EFE2 second address: 69EFE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69EFE7 second address: 69F015 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D651Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007F7EF47D6526h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69F015 second address: 69F01A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A0188 second address: 6A0198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F7EF47D6516h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A10CD second address: 6A10E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F7EF4CDC56Ch 0x0000000f jbe 00007F7EF4CDC566h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A10E2 second address: 6A10E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A10E7 second address: 6A1132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F7EF4CDC568h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 mov ebx, dword ptr [ebp+122D2ECEh] 0x00000028 push 00000000h 0x0000002a jl 00007F7EF4CDC567h 0x00000030 clc 0x00000031 push 00000000h 0x00000033 sbb bx, 7CF7h 0x00000038 xchg eax, esi 0x00000039 pushad 0x0000003a pushad 0x0000003b jg 00007F7EF4CDC566h 0x00000041 push eax 0x00000042 pop eax 0x00000043 popad 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A1132 second address: 6A1136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A1136 second address: 6A1154 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC56Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F7EF4CDC56Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A210D second address: 6A2124 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7EF47D6522h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A2124 second address: 6A21BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jno 00007F7EF4CDC574h 0x0000000e nop 0x0000000f mov di, 4651h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7EF4CDC568h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jmp 00007F7EF4CDC576h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push eax 0x00000039 call 00007F7EF4CDC568h 0x0000003e pop eax 0x0000003f mov dword ptr [esp+04h], eax 0x00000043 add dword ptr [esp+04h], 0000001Ch 0x0000004b inc eax 0x0000004c push eax 0x0000004d ret 0x0000004e pop eax 0x0000004f ret 0x00000050 xchg eax, esi 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F7EF4CDC575h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A21BA second address: 6A21BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A21BE second address: 6A21C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A21C4 second address: 6A21CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3130 second address: 6A3134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3134 second address: 6A3179 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F7EF47D6528h 0x0000000c pop ebx 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 mov dword ptr [ebp+122D2965h], ecx 0x00000017 push 00000000h 0x00000019 add dword ptr [ebp+122D2003h], eax 0x0000001f mov dword ptr [ebp+122D1BE1h], edx 0x00000025 push 00000000h 0x00000027 and ebx, dword ptr [ebp+122D1D48h] 0x0000002d xchg eax, esi 0x0000002e pushad 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3179 second address: 6A317F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A317F second address: 6A3188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3188 second address: 6A318C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A318C second address: 6A319B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A319B second address: 6A31A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A60FD second address: 6A6101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A776F second address: 6A7773 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A7773 second address: 6A77C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F7EF47D6518h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D340Bh], edi 0x0000002e push 00000000h 0x00000030 jng 00007F7EF47D6517h 0x00000036 clc 0x00000037 push 00000000h 0x00000039 ja 00007F7EF47D651Ch 0x0000003f push eax 0x00000040 pushad 0x00000041 jc 00007F7EF47D6518h 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 pushad 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A87F8 second address: 6A8804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8804 second address: 6A880E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7EF47D6516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A333A second address: 6A3343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3343 second address: 6A3347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97DA second address: 6A9870 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F7EF4CDC568h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D297Dh], esi 0x00000028 push 00000000h 0x0000002a or edi, 69570E7Ah 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007F7EF4CDC568h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c mov dword ptr [ebp+12450646h], edi 0x00000052 xchg eax, esi 0x00000053 jmp 00007F7EF4CDC579h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c jmp 00007F7EF4CDC574h 0x00000061 jg 00007F7EF4CDC566h 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A79B1 second address: 6A79B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A9870 second address: 6A9881 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7EF4CDC56Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A12A2 second address: 6A134C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6527h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F7EF47D651Bh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F7EF47D6518h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 push ebx 0x0000003a or edi, dword ptr [ebp+122D1DEBh] 0x00000040 pop edi 0x00000041 mov eax, dword ptr [ebp+122D0459h] 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007F7EF47D6518h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 00000014h 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 pushad 0x00000062 mov ecx, dword ptr [ebp+122D2E5Ah] 0x00000068 mov dh, 48h 0x0000006a popad 0x0000006b push FFFFFFFFh 0x0000006d movsx ebx, bx 0x00000070 nop 0x00000071 jng 00007F7EF47D6532h 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007F7EF47D6524h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A134C second address: 6A135D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F7EF4CDC568h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A135D second address: 6A136C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7EF47D651Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A8969 second address: 6A89E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC570h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D39CAh] 0x00000013 push dword ptr fs:[00000000h] 0x0000001a clc 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F7EF4CDC568h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000017h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c mov eax, dword ptr [ebp+122D0159h] 0x00000042 sub bx, 2742h 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push esi 0x0000004c call 00007F7EF4CDC568h 0x00000051 pop esi 0x00000052 mov dword ptr [esp+04h], esi 0x00000056 add dword ptr [esp+04h], 00000017h 0x0000005e inc esi 0x0000005f push esi 0x00000060 ret 0x00000061 pop esi 0x00000062 ret 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 push edi 0x00000067 pushad 0x00000068 popad 0x00000069 pop edi 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650E73 second address: 650E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7EF47D6516h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650E83 second address: 650E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 650E87 second address: 650E97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F7EF47D6516h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2B7D second address: 6B2B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2B81 second address: 6B2B87 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2B87 second address: 6B2BBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7EF4CDC577h 0x00000009 jmp 00007F7EF4CDC578h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2BBA second address: 6B2BBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B2D31 second address: 6B2D38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 655F45 second address: 655F4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 655F4B second address: 655F4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 655F4F second address: 655F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B828E second address: 6B82D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 jno 00007F7EF4CDC578h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jc 00007F7EF4CDC578h 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c jnc 00007F7EF4CDC566h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B82D6 second address: 6B82DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B82DB second address: 6B82E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B82E1 second address: 6B82FB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7EF47D651Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B82FB second address: 6B82FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676E81 second address: 676E85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676E85 second address: 676E8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE048 second address: 6BE061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jnc 00007F7EF47D6516h 0x0000000b jnc 00007F7EF47D6516h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE061 second address: 6BE067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE723 second address: 6BE72F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7EF47D6516h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE72F second address: 6BE73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE73B second address: 6BE741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE741 second address: 6BE746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE746 second address: 6BE764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7EF47D651Ch 0x00000009 jmp 00007F7EF47D651Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE8AE second address: 6BE8DE instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7EF4CDC568h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnc 00007F7EF4CDC57Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE8DE second address: 6BE8E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEA3F second address: 6BEA43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEB99 second address: 6BEB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BEB9F second address: 6BEBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 695A30 second address: 676E81 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F7EF47D6516h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sbb edi, 45E7D9EFh 0x00000015 call dword ptr [ebp+122D2804h] 0x0000001b jnc 00007F7EF47D652Eh 0x00000021 push eax 0x00000022 push edx 0x00000023 je 00007F7EF47D6516h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 695BCA second address: 695BD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69608F second address: 6960C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6526h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7EF47D6525h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69618F second address: 696194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696922 second address: 696979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 nop 0x00000007 or edi, dword ptr [ebp+122D1F46h] 0x0000000d push 0000001Eh 0x0000000f call 00007F7EF47D6520h 0x00000014 xor dword ptr [ebp+122D35C7h], ebx 0x0000001a pop ecx 0x0000001b nop 0x0000001c pushad 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 jmp 00007F7EF47D651Ch 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F7EF47D6529h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696A6B second address: 696A6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696A6F second address: 696A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F7EF47D6524h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7EF47D651Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696A9B second address: 696AA5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696AA5 second address: 696AAF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7EF47D651Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696D69 second address: 6779B3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7EF4CDC578h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b sub dword ptr [ebp+1244F6B7h], ebx 0x00000011 lea eax, dword ptr [ebp+124857B3h] 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007F7EF4CDC568h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 0000001Ch 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 push eax 0x00000032 jg 00007F7EF4CDC56Eh 0x00000038 mov dword ptr [esp], eax 0x0000003b mov edi, dword ptr [ebp+122D2E4Ah] 0x00000041 lea eax, dword ptr [ebp+1248576Fh] 0x00000047 mov di, 3B18h 0x0000004b push eax 0x0000004c push ebx 0x0000004d pushad 0x0000004e pushad 0x0000004f popad 0x00000050 jmp 00007F7EF4CDC56Bh 0x00000055 popad 0x00000056 pop ebx 0x00000057 mov dword ptr [esp], eax 0x0000005a movsx ecx, cx 0x0000005d call dword ptr [ebp+122D276Bh] 0x00000063 push ebx 0x00000064 pushad 0x00000065 push edi 0x00000066 pop edi 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C23F9 second address: 6C23FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C23FD second address: 6C2403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C2B14 second address: 6C2B19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C2B19 second address: 6C2B33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC572h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6341 second address: 6C6347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C6347 second address: 6C634B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C9EB7 second address: 6C9EBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C9EBD second address: 6C9EC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CB62A second address: 6CB633 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D14F4 second address: 6D14F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1981 second address: 6D1985 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1C0D second address: 6D1C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1C11 second address: 6D1C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1F40 second address: 6D1F44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1F44 second address: 6D1F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F7EF47D6518h 0x0000000e jmp 00007F7EF47D6520h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1F68 second address: 6D1F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC570h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1F7C second address: 6D1F80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D7922 second address: 6D7944 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F7EF4CDC578h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D7944 second address: 6D794A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D794A second address: 6D7950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D6645 second address: 6D664B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD91A second address: 6DD91E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD91E second address: 6DD934 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7EF47D6520h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD934 second address: 6DD967 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7EF4CDC578h 0x00000009 jmp 00007F7EF4CDC577h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD967 second address: 6DD980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DD980 second address: 6DD984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2E16 second address: 6E2E3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7EF47D6529h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2E3D second address: 6E2E49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7EF4CDC566h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2E49 second address: 6E2E4E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E2F8C second address: 6E2FBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F7EF4CDC566h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F7EF4CDC56Ah 0x00000011 jg 00007F7EF4CDC573h 0x00000017 popad 0x00000018 push ebx 0x00000019 jp 00007F7EF4CDC56Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E7BA1 second address: 6E7BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF47D6522h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69679F second address: 696809 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a cmc 0x0000000b mov ebx, dword ptr [ebp+124857AEh] 0x00000011 mov dword ptr [ebp+1244FFF4h], esi 0x00000017 add eax, ebx 0x00000019 xor dl, FFFFFFBBh 0x0000001c push eax 0x0000001d jmp 00007F7EF4CDC56Ch 0x00000022 mov dword ptr [esp], eax 0x00000025 mov dword ptr [ebp+122D3493h], esi 0x0000002b push 00000004h 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F7EF4CDC568h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 mov edx, dword ptr [ebp+122D1F6Eh] 0x0000004d push eax 0x0000004e push ebx 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F7EF4CDC56Bh 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 696809 second address: 69680D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E7F9D second address: 6E7FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F7EF4CDC572h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E7FBB second address: 6E7FEC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7EF47D6516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jbe 00007F7EF47D6516h 0x00000011 jmp 00007F7EF47D6524h 0x00000016 jnp 00007F7EF47D6516h 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E8186 second address: 6E818B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F1D1C second address: 6F1D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F1D22 second address: 6F1D26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F28DC second address: 6F28E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2EA7 second address: 6F2EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2EAB second address: 6F2EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F31A3 second address: 6F31A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F31A7 second address: 6F31AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F31AD second address: 6F31CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F7EF4CDC577h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F31CA second address: 6F31EC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7EF47D651Eh 0x00000008 jg 00007F7EF47D651Ah 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F379E second address: 6F37AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007F7EF4CDC572h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F37AB second address: 6F37B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7EF47D6516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F7783 second address: 6F7797 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC56Fh 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F6A47 second address: 6F6A52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F6C1D second address: 6F6C36 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7EF4CDC566h 0x00000008 jmp 00007F7EF4CDC56Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F72CD second address: 6F72F0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edi 0x00000006 jmp 00007F7EF47D6522h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jl 00007F7EF47D6524h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FBF3E second address: 6FBF5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC575h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FBF5B second address: 6FBF83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F7EF47D6516h 0x00000010 jmp 00007F7EF47D6526h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70315B second address: 703174 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC573h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703174 second address: 703184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF47D651Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703184 second address: 70319F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnl 00007F7EF4CDC566h 0x00000013 jg 00007F7EF4CDC566h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70319F second address: 7031A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7031A4 second address: 7031AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7031AA second address: 7031B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7EF47D6516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7031B4 second address: 7031BE instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7EF4CDC566h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7035CE second address: 7035D3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703733 second address: 70373D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7EF4CDC566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70373D second address: 703752 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F7EF47D651Bh 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703752 second address: 703757 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703757 second address: 703769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7EF47D6516h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703769 second address: 70376D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7039EE second address: 7039F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7039F2 second address: 703A02 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703CA2 second address: 703CB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6520h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703E2A second address: 703E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703E2E second address: 703E34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 703E34 second address: 703E3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70469B second address: 7046A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7EF47D6516h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7046A9 second address: 7046B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 je 00007F7EF4CDC566h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7046B8 second address: 7046D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF47D6528h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 704E07 second address: 704E24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC579h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 702C82 second address: 702C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 702C86 second address: 702CD2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007F7EF4CDC566h 0x00000011 jmp 00007F7EF4CDC576h 0x00000016 jmp 00007F7EF4CDC572h 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e pop esi 0x0000001f push ebx 0x00000020 jmp 00007F7EF4CDC56Ah 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 702CD2 second address: 702CD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D7FE second address: 70D80C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D80C second address: 70D812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D812 second address: 70D821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7EF4CDC566h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D821 second address: 70D825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D520 second address: 70D534 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F7EF4CDC56Eh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D534 second address: 70D538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D538 second address: 70D54A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7EF4CDC56Ch 0x00000008 jg 00007F7EF4CDC566h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D54A second address: 70D550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EEB6 second address: 70EEBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EEBC second address: 70EECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jl 00007F7EF47D6531h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EECA second address: 70EEE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC575h 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EEE9 second address: 70EEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EEED second address: 70EEF3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70EEF3 second address: 70EEFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 720E06 second address: 720E0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72F7B5 second address: 72F7CB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7EF47D651Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72F64D second address: 72F66B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F7EF4CDC56Ah 0x00000012 push edx 0x00000013 pop edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 jl 00007F7EF4CDC566h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72F66B second address: 72F673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 736831 second address: 736837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73699D second address: 7369AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F7EF47D6516h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73B078 second address: 73B07C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73B07C second address: 73B097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7EF47D651Fh 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73AC71 second address: 73AC9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC579h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F7EF4CDC57Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F7EF4CDC566h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74C4ED second address: 74C4F3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747EB8 second address: 747EC6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7EF4CDC566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747EC6 second address: 747ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747ECC second address: 747EDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC56Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75A415 second address: 75A41B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75A41B second address: 75A421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75A109 second address: 75A112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75BA2B second address: 75BA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC56Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75BA39 second address: 75BA3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75BA3D second address: 75BA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7EF4CDC574h 0x0000000b jmp 00007F7EF4CDC56Bh 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jns 00007F7EF4CDC566h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D1D6 second address: 75D1E8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7EF47D6516h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D1E8 second address: 75D1EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D1EE second address: 75D1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7EF47D6516h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774D4B second address: 774D62 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7EF4CDC56Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007F7EF4CDC583h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 774D62 second address: 774D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 775198 second address: 7751AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7EF4CDC566h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7751AC second address: 7751B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7751B1 second address: 7751C9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F7EF4CDC573h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77745A second address: 77745E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77745E second address: 77746E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F7EF4CDC566h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77746E second address: 777484 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7EF47D6516h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F7EF47D651Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 777484 second address: 777490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jno 00007F7EF4CDC566h 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B28A second address: 77B28E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77CC14 second address: 77CC2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC571h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77EC63 second address: 77EC6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77EC6A second address: 77ECB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7EF4CDC576h 0x00000009 popad 0x0000000a jno 00007F7EF4CDC57Ch 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F7EF4CDC56Ch 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77ECB5 second address: 77ECBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77ECBA second address: 77ECC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830E6C second address: 4830F17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7EF47D6527h 0x00000009 xor ax, 9EFEh 0x0000000e jmp 00007F7EF47D6529h 0x00000013 popfd 0x00000014 mov eax, 217FCF47h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c test ecx, ecx 0x0000001e jmp 00007F7EF47D651Ah 0x00000023 jns 00007F7EF47D6549h 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F7EF47D651Eh 0x00000030 sbb eax, 781A1528h 0x00000036 jmp 00007F7EF47D651Bh 0x0000003b popfd 0x0000003c movzx eax, bx 0x0000003f popad 0x00000040 add eax, ecx 0x00000042 jmp 00007F7EF47D651Bh 0x00000047 mov eax, dword ptr [eax+00000860h] 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 mov ecx, ebx 0x00000052 call 00007F7EF47D6527h 0x00000057 pop ecx 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830F17 second address: 4830F4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7EF4CDC576h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b jmp 00007F7EF4CDC570h 0x00000010 je 00007F7F670B2382h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830F4F second address: 4830F55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830F55 second address: 4830F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4830F5B second address: 4830F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4E3B32 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 68786D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 710590 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004E30BA rdtsc

0_2_004E30BA

Source: C:\Users\user\Desktop\file.exe TID: 6980

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1537092285.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502940880.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1536910586.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516599759.000000000080E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004E30BA rdtsc

0_2_004E30BA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004C5BB0 LdrInitializeThunk,

0_2_004C5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor

Source: file.exe, file.exe, 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: ]Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 PowerShell	1 DLL Side-Loading	1 Process Injection	24 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	24 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://login.steampowered.com/	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://recaptcha.net	0%	URL Reputation	safe
https://store.steampowered.com/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://help.steampowered.com/	0%	URL Reputation	safe
https://api.steampowered.com/	0%	URL Reputation	safe
https://store.steampowered.com/mobile	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/badges	100%	URL Reputation	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	true	unknown
sergei-esenin.com	172.67.206.204	true	true	unknown
eaglepawnoy.store	unknown	unknown	true	unknown
bathdoomgaz.store	unknown	unknown	true	unknown
spirittunek.store	unknown	unknown	true	unknown
licendfilteo.site	unknown	unknown	true	unknown
studennotediw.store	unknown	unknown	true	unknown
mobbipenju.store	unknown	unknown	true	unknown
clearancek.site	unknown	unknown	true	unknown
dissapoiznw.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
bathdoomgaz.store	true	unknown
studennotediw.store	true	unknown
clearancek.site	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
eaglepawnoy.store	true	unknown
mobbipenju.store	true	unknown
https://sergei-esenin.com/api	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7	file.exe, 00000000.00000003.1502940880.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/market/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	file.exe, 00000000.00000002.1537141593.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000830000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/K	file.exe, 00000000.00000003.1503080236.0000000000802000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502940880.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1537092285.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516448997.0000000000800000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516599759.0000000000802000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61	file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/workshop/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://login.steampowered.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/points/shop/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://127.0.0.1:27060	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/privacy_agreement/	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.steampowered.com/	file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/mobile	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;	file.exe, 00000000.00000003.1502940880.0000000000830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502940880.000000000080E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1503080236.000000000080E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl	file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/about/	file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/badges	file.exe, 00000000.00000003.1502940880.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000869000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1502908368.0000000000863000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516407905.0000000000872000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true
172.67.206.204	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538049
Start date and time:	2024-10-20 05:38:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
23:39:35	API Interceptor	2x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm
172.67.206.204	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
sergei-esenin.com	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.67.206.204
	Setup.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
steamcommunity.com	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.4.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	a1OueQJq4d.exe	Get hash	malicious	DCRat	Browse	172.67.19.24
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8
	rmrttE14rN.exe	Get hash	malicious	LummaC	Browse	104.21.12.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
AKAMAI-ASUS	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Unlock_Tool_2.4.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.102.49.254

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	S3AYU5t2JP.exe	Get hash	malicious	LummaC, Amadey, Stealc	Browse	104.102.49.254 172.67.206.204
	PTc16LnPI5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	yRMHuXP8fH.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	FwJnQcLliE.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	LTHfL7T0bh.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	rmrttE14rN.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254 172.67.206.204

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.525275488309073
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'954'240 bytes
MD5:	8807c90712633e029ebf474483d8e5dd
SHA1:	4ee5ca2e42c4f22d953ef62574e8cddf3237c3e9
SHA256:	41fc1dac9a82abe35fdcf4a94e429c2a04aca4e9282cebeb792b1ab32f5f408b
SHA512:	559d4a0dc6e23bd9fa82a8e95f4642750a3f2ed7ce875db962106527681fae2df24f562294943d51169734c97a4d6bdbbf2255c53e99885ae5fce8ce1da7fdf3
SSDEEP:	49152:mWSaprGREqI6kO3QS8XljO80ZtTT7WVWT2HHs9bHRzI:mqZDUQS8VjO80rTGVbs9bHR0
TLSH:	1FD54C92F60AB2CFD49F57789567CD42A86C06FA072155C3E87C64BA7DA3CC025BBC24
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.......-...@.................................W...k..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x709000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F7EF4FF2AEAh
pslld mm5, qword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F7EF4FF4AE5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5f057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5f1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5d000	0x25e00	a16b2d22bb3164a95c460d5844e49c8f	False	0.9995745668316832	DOS executable (COM)	7.977450140927688	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x5e000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x5f000	0x1000	0x200	fe72def8b74193a84232a780098a7ce0	False	0.150390625	data	1.04205214219471	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vftajktf	0x60000	0x2a8000	0x2a7e00	1cda082d0f3b541ce97c497165629445	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qbhsvnkl	0x308000	0x1000	0x400	8e4836c9124b4c80a51b1335e8b4abe5	False	0.755859375	data	5.942650547920081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x309000	0x3000	0x2200	dd9d7072df8e429f7c8ce4b438d05b20	False	0.06318933823529412	DOS executable (COM)	0.6926352280941394	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-20T05:39:36.530709+0200	2056471	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)	1	192.168.2.8	56680	1.1.1.1	53	UDP
2024-10-20T05:39:36.544145+0200	2056485	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)	1	192.168.2.8	54877	1.1.1.1	53	UDP
2024-10-20T05:39:36.555333+0200	2056483	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)	1	192.168.2.8	49838	1.1.1.1	53	UDP
2024-10-20T05:39:36.566571+0200	2056481	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)	1	192.168.2.8	63219	1.1.1.1	53	UDP
2024-10-20T05:39:36.577823+0200	2056479	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)	1	192.168.2.8	57198	1.1.1.1	53	UDP
2024-10-20T05:39:36.588650+0200	2056477	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)	1	192.168.2.8	54582	1.1.1.1	53	UDP
2024-10-20T05:39:36.602429+0200	2056475	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)	1	192.168.2.8	64129	1.1.1.1	53	UDP
2024-10-20T05:39:36.613452+0200	2056473	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)	1	192.168.2.8	58501	1.1.1.1	53	UDP
2024-10-20T05:39:38.480523+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.8	49704	104.102.49.254	443	TCP
2024-10-20T05:39:39.867487+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.8	49705	172.67.206.204	443	TCP
2024-10-20T05:39:39.867487+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.8	49705	172.67.206.204	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 05:39:36.635792971 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:36.635837078 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:36.635915041 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:36.639023066 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:36.639040947 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:37.736635923 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:37.737060070 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:37.741065025 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:37.741082907 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:37.741391897 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:37.788400888 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:37.800760984 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:37.847419977 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480767012 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480829000 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480870962 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480895042 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480925083 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480937004 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.480952024 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.480963945 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.480973005 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.481004953 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.502070904 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.502125025 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.502232075 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.502244949 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.502266884 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.502286911 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.519634962 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.519691944 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.519781113 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.521301985 CEST	49704	443	192.168.2.8	104.102.49.254
Oct 20, 2024 05:39:38.521322966 CEST	443	49704	104.102.49.254	192.168.2.8
Oct 20, 2024 05:39:38.875017881 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:38.875098944 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:38.875179052 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:38.875520945 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:38.875535011 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.646138906 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.646272898 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.685902119 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.685923100 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.686932087 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.701143980 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.701163054 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.701390982 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.867177963 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.867268085 CEST	443	49705	172.67.206.204	192.168.2.8
Oct 20, 2024 05:39:39.867333889 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.872231960 CEST	49705	443	192.168.2.8	172.67.206.204
Oct 20, 2024 05:39:39.872252941 CEST	443	49705	172.67.206.204	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 20, 2024 05:39:36.530709028 CEST	56680	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.540412903 CEST	53	56680	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.544145107 CEST	54877	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.553828955 CEST	53	54877	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.555332899 CEST	49838	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.565004110 CEST	53	49838	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.566570997 CEST	63219	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.576436043 CEST	53	63219	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.577822924 CEST	57198	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.587068081 CEST	53	57198	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.588649988 CEST	54582	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.600895882 CEST	53	54582	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.602428913 CEST	64129	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.612129927 CEST	53	64129	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.613451958 CEST	58501	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.622013092 CEST	53	58501	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:36.623980045 CEST	61094	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:36.630892992 CEST	53	61094	1.1.1.1	192.168.2.8
Oct 20, 2024 05:39:38.547846079 CEST	60822	53	192.168.2.8	1.1.1.1
Oct 20, 2024 05:39:38.874054909 CEST	53	60822	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 20, 2024 05:39:36.530709028 CEST	192.168.2.8	1.1.1.1	0xd73d	Standard query (0)	clearancek.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.544145107 CEST	192.168.2.8	1.1.1.1	0x7623	Standard query (0)	mobbipenju.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.555332899 CEST	192.168.2.8	1.1.1.1	0x606	Standard query (0)	eaglepawnoy.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.566570997 CEST	192.168.2.8	1.1.1.1	0x30e8	Standard query (0)	dissapoiznw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.577822924 CEST	192.168.2.8	1.1.1.1	0xd695	Standard query (0)	studennotediw.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.588649988 CEST	192.168.2.8	1.1.1.1	0x1053	Standard query (0)	bathdoomgaz.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.602428913 CEST	192.168.2.8	1.1.1.1	0xdb1d	Standard query (0)	spirittunek.store	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.613451958 CEST	192.168.2.8	1.1.1.1	0x1d0a	Standard query (0)	licendfilteo.site	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.623980045 CEST	192.168.2.8	1.1.1.1	0x85f6	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:38.547846079 CEST	192.168.2.8	1.1.1.1	0x2d71	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 20, 2024 05:39:36.540412903 CEST	1.1.1.1	192.168.2.8	0xd73d	Name error (3)	clearancek.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.553828955 CEST	1.1.1.1	192.168.2.8	0x7623	Name error (3)	mobbipenju.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.565004110 CEST	1.1.1.1	192.168.2.8	0x606	Name error (3)	eaglepawnoy.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.576436043 CEST	1.1.1.1	192.168.2.8	0x30e8	Name error (3)	dissapoiznw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.587068081 CEST	1.1.1.1	192.168.2.8	0xd695	Name error (3)	studennotediw.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.600895882 CEST	1.1.1.1	192.168.2.8	0x1053	Name error (3)	bathdoomgaz.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.612129927 CEST	1.1.1.1	192.168.2.8	0xdb1d	Name error (3)	spirittunek.store	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.622013092 CEST	1.1.1.1	192.168.2.8	0x1d0a	Name error (3)	licendfilteo.site	none	none	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:36.630892992 CEST	1.1.1.1	192.168.2.8	0x85f6	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:38.874054909 CEST	1.1.1.1	192.168.2.8	0x2d71	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 20, 2024 05:39:38.874054909 CEST	1.1.1.1	192.168.2.8	0x2d71	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49704	104.102.49.254	443	2564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 03:39:37 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-20 03:39:38 UTC	1891	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sun, 20 Oct 2024 03:39:38 GMT Content-Length: 34508 Connection: close Set-Cookie: sessionid=fb6c9d6772d4d37dd051b81e; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
2024-10-20 03:39:38 UTC	14493	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-20 03:39:38 UTC	16384	IN	Data Raw: 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 Data Ascii: etY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49705	172.67.206.204	443	2564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-20 03:39:39 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-20 03:39:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life

Target ID:	0
Start time:	23:39:34
Start date:	19/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x480000
File size:	2'954'240 bytes
MD5 hash:	8807C90712633E029EBF474483D8E5DD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	74.4%
Total number of Nodes:	39
Total number of Limit Nodes:	4

Executed Functions

Function 0048FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

J|BJ, xrefs: 0049000D
VY^_, xrefs: 0048FDFF
t, xrefs: 0048FCBE
V, xrefs: 0048FEDC

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: J|BJ$V$VY^_$t
API String ID: 0-3701112211
Opcode ID: 8cfa6813947af9eaccd6bcfc458c006c895447e9eb353b263e092d0b598e6fec
Instruction ID: b9464a7798837f20c4d145b55791f506c34b2ad6f05744974a55b6720c85a370
Opcode Fuzzy Hash: 8cfa6813947af9eaccd6bcfc458c006c895447e9eb353b263e092d0b598e6fec
Instruction Fuzzy Hash: 79D166745083909FD710DF14959062FBFE1AB92B48F188C2EE5C98B352D33ACD49DB9A

Function 0048D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0048D2F1

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 820d23c049104c7f70cccc1aada72a9005c65b1d7dcb332ce3412a59f9f00fae
Instruction ID: e02664776ba9fa41aa922743e2f09c8588e448230f3f360d626a09e1ff3b0057
Opcode Fuzzy Hash: 820d23c049104c7f70cccc1aada72a9005c65b1d7dcb332ce3412a59f9f00fae
Instruction Fuzzy Hash: 4741597080E340ABC701BB69D684A2EFBF5AF52708F148C5EE5C497292C339D8109B6B

Function 004C5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 004C5784

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 448589f73e1472f017ba4b9b8b9f1b188cf1bd250dff15d7dca79fe308e6657c
Instruction ID: f13d2432c6d19e1831a47dff544e1ca79553817191e8e898333f5bc419974e5b
Opcode Fuzzy Hash: 448589f73e1472f017ba4b9b8b9f1b188cf1bd250dff15d7dca79fe308e6657c
Instruction Fuzzy Hash: DA119E7991E240EBC701AF28E844E1FBBF5AF86711F05882DE4C49B211D339E851CB9B

Function 004C5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(004C973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 004C5BDE

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 004C695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

@, xrefs: 004C69C5

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6374f43d29c0944d7c747d7cb24eb7d03b069a028b2d41c0afdd75133f3971db
Instruction ID: d472de96ea63730986e3c13d88522a14aa4b661ba060ec61c2db1529c7e9273e
Opcode Fuzzy Hash: 6374f43d29c0944d7c747d7cb24eb7d03b069a028b2d41c0afdd75133f3971db
Instruction Fuzzy Hash: 8E31AAB45083018FD758DF15D8A0B2BB7F1EF86348F14982EE5C697361E7399904CB5A

Function 0049049B Relevance: .3, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e97a94866cce2c6cf4de0cdfcaefec7758d9f14b52f229603596e1cf9e27d953
Instruction ID: e12bad80e864b14702a1e1843328d8f0ab8e2c0bdee5ac12c4f038dcb9c76db4
Opcode Fuzzy Hash: e97a94866cce2c6cf4de0cdfcaefec7758d9f14b52f229603596e1cf9e27d953
Instruction Fuzzy Hash: 38917975200B00DFD724CF26E894A16B7F6FF89314B118A7EE8568BAA1D734E819CB54

Function 00490228 Relevance: .2, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24eb69a3b4d7791092d92601a68ae27601047a235fdbe000b6b408590693811c
Instruction ID: e8eedc62de5c937a3e123bfc6260146948dbdf8da82eb6ac091af15d7c0b0c51
Opcode Fuzzy Hash: 24eb69a3b4d7791092d92601a68ae27601047a235fdbe000b6b408590693811c
Instruction Fuzzy Hash: EC719A74201700DFD7248F26E894F16BBF6FF89714F10897EE8468B662C739A819CB64

Function 004C99D0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8fa472fc1b7957d883355ade2cb10f5e93d490efece338670ecc445004706e
Instruction ID: 99c42bfbe4cafa2be8d791321d947d9579117961d185cdc91d0937440a38be05
Opcode Fuzzy Hash: 1c8fa472fc1b7957d883355ade2cb10f5e93d490efece338670ecc445004706e
Instruction Fuzzy Hash: F841AF38208340BBD754DA15E894F2BB7E5EB85714F24882EF58A97351D339EC11CB6A

Function 004C63B8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d5e6e502ff191048c330b05055359427c65d9c37f8ee0d7dc43f3bdbb4561131
Instruction ID: d7e1792278edb9a7c5c4d45a5dff3efe96abefd6d92a2e48a74d2f48095537d1
Opcode Fuzzy Hash: d5e6e502ff191048c330b05055359427c65d9c37f8ee0d7dc43f3bdbb4561131
Instruction Fuzzy Hash: 2431E178209301BAD668DB04CD82F3BB7A5EB81B15F64852DF5815A2E1D374B8118B5E

Function 00490EEC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daac91851129e1d42ff00a4fd2089fad88c5e7e677fa19774f8eff5e526a0b45
Instruction ID: 27696f7a962b57e13ebb770509e6de0c8895e9dfecbc799dcaa1a9f63f7b34bf
Opcode Fuzzy Hash: daac91851129e1d42ff00a4fd2089fad88c5e7e677fa19774f8eff5e526a0b45
Instruction Fuzzy Hash: EA212AB590021A9FDF15CF94CC90BBEBBB2FB4A304F144819E811BB395C775A901CB68

Function 004C3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 004C32A6

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 17e23528b4a696fbc4bffa9efb1719f66167081a00f214481a730e6808c4c800
Instruction ID: 4fab2b12fed25ae773ad5f969a56bf79f6091b8af4c1dcb6e037764a3c9c2897
Opcode Fuzzy Hash: 17e23528b4a696fbc4bffa9efb1719f66167081a00f214481a730e6808c4c800
Instruction Fuzzy Hash: C9014B3450D2409BC701AF18E945E1ABBE8EF4A701F05896DE5C58B361D239DD60CB96

Function 004C3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 004C3208

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0f9f9ddd45e2ec26221fb0fb0e8035507822bc4e3210b76b218b35c131884efa
Instruction ID: ef48f2047579a4b690b631d0ef8308f16330718f09345760276b362a7b94bb14
Opcode Fuzzy Hash: 0f9f9ddd45e2ec26221fb0fb0e8035507822bc4e3210b76b218b35c131884efa
Instruction Fuzzy Hash: 9AB01130880000AFEE082B00EC0AF003A20EB00A0AF8000B0A200080B2E2A2A8A8CAA8

Non-executed Functions

Function 004B23E0 Relevance: 33.0, APIs: 4, Strings: 13, Instructions: 3298COMMON

Download Yara Rule

Strings

ggxz, xrefs: 004B2685
|}&C, xrefs: 004B2F21
Wu, xrefs: 004B344B, 004B4861
Cx, xrefs: 004B453D
`tii, xrefs: 004B2693
{l`~, xrefs: 004B268C
%*+(, xrefs: 004B40EF
aenQ, xrefs: 004B276A
:, xrefs: 004B32DD
f@~!, xrefs: 004B25FF
mlc@, xrefs: 004B275C
3<, xrefs: 004B32D6
fedc, xrefs: 004B2782

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C$Wu
API String ID: 0-1419478863
Opcode ID: 7d7fd92b1daa0d245fc27de36eb2d3c0b88150926c6329cffe6d8fdd397bcb33
Instruction ID: bf199d6c7457bae5c4cbbb356dee4b3e94481d445fd351565bf39f232dee8972
Opcode Fuzzy Hash: 7d7fd92b1daa0d245fc27de36eb2d3c0b88150926c6329cffe6d8fdd397bcb33
Instruction Fuzzy Hash: 8333CD70504B818FD7258F39C5907A3BBE1BF16304F58899EE4DA8B792C739E806CB65

Function 0049DB6F Relevance: 32.0, Strings: 24, Instructions: 2006COMMON

Download Yara Rule

Strings

()./, xrefs: 0049E9CA
%*+(, xrefs: 0049DE37, 0049DE46
dcba, xrefs: 0049E728
@ONM, xrefs: 0049E6DB
lkji, xrefs: 0049E73E
:WUE, xrefs: 0049F6B7, 0049F6C6
T, xrefs: 0049F157
`onm, xrefs: 0049E733
mjkh, xrefs: 0049E7D8
LKJI, xrefs: 0049E6E6
WP, xrefs: 0049DCEF
89&', xrefs: 0049E93B
<=2, xrefs: 0049EA01
|, xrefs: 0049ECB1
tsrq, xrefs: 0049E6FC
89>?, xrefs: 0049E9F6
xgfe, xrefs: 0049E71D
<=:;, xrefs: 0049E930
tuJK, xrefs: 0049E967
DCBA, xrefs: 0049E887, 0049E896
`Y^_, xrefs: 0049E99E
D, xrefs: 0049E846
QNOL, xrefs: 0049E775
AR, xrefs: 0049DD10

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
API String ID: 2994545307-1418943773
Opcode ID: 8743a31be00b95244e25c89fb299a9b41c40d2b1785af8eed97cb1e74d909c60
Instruction ID: 9c83451453601e112df594ab921f53060a76ff96fac4c6a5be366cefc7742bc5
Opcode Fuzzy Hash: 8743a31be00b95244e25c89fb299a9b41c40d2b1785af8eed97cb1e74d909c60
Instruction Fuzzy Hash: B8F278B05093819FDB70CF15C484BABBBE2BFD5304F54482EE4C98B251DB399985CB9A

Function 004A9F62 Relevance: 21.7, Strings: 17, Instructions: 473COMMON

Download Yara Rule

Strings

sm, xrefs: 004AA830
_Y, xrefs: 004AA641
hi, xrefs: 004AAB9D
N[, xrefs: 004AA375
=], xrefs: 004AA36A
?m,o, xrefs: 004AA13C
CG, xrefs: 004AAA32
(a*c, xrefs: 004AA147
WQ, xrefs: 004AA62B
%e6g, xrefs: 004AA152
]{, xrefs: 004AA1E7, 004AA1F3
WH, xrefs: 004AAA1C
S], xrefs: 004AA636
kW, xrefs: 004AA380
/), xrefs: 004AA66D
JG, xrefs: 004AAA27
Gt, xrefs: 004A9FF8

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
API String ID: 0-1131134755
Opcode ID: eed4fe489a1d8cd866c8d63667d0c143cfb14220d56c0c6533fa5d1bbd9c455a
Instruction ID: 5c1f35f5767199eacc1c2ab9ac576c675375150261a9b905d209597e0c282637
Opcode Fuzzy Hash: eed4fe489a1d8cd866c8d63667d0c143cfb14220d56c0c6533fa5d1bbd9c455a
Instruction Fuzzy Hash: 6552C6B400D385CAE271CF26D581B8EBAF1BB92740F608A1EE1ED5B255DB748045CF97

Function 004A9510 Relevance: 20.4, Strings: 16, Instructions: 427COMMON

Download Yara Rule

Strings

8;, xrefs: 004A9B13
X/R), xrefs: 004A9AEB
2A"_, xrefs: 004A9980
?M0K, xrefs: 004A9968
O+f), xrefs: 004A9634, 004A963D
!E4G, xrefs: 004A9836
B7U1, xrefs: 004A9AFB
L3Y=, xrefs: 004A9B03
G'M!, xrefs: 004A9ADB
B?Q9, xrefs: 004A9B0B
z=Q?, xrefs: 004A9826
,A&C, xrefs: 004A982E
;IJK, xrefs: 004A983E
pq, xrefs: 004A99E0
T#a-, xrefs: 004A9AE3
G+X5, xrefs: 004A9AF3

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
API String ID: 0-655414846
Opcode ID: 6641feddbe39edf335d7cb9fde77d7a60b339535c566e258a9b5f8f4deaf72a0
Instruction ID: e73814400a78c0ce4db57ef77c68fc4fe652d1b42be0d408f6a0cd32981864b8
Opcode Fuzzy Hash: 6641feddbe39edf335d7cb9fde77d7a60b339535c566e258a9b5f8f4deaf72a0
Instruction Fuzzy Hash: 9EF13FB4508380ABD310DF15D881A2BBBF4FBA6748F144D1EF5D59B252D378D908CBAA

Function 004ADD29 Relevance: 18.6, Strings: 14, Instructions: 1142COMMON

Download Yara Rule

Strings

=]+_, xrefs: 004AE276
rJ, xrefs: 004AE92E
upH}, xrefs: 004ADE8A, 004AE798, 004ADF4A
hX]N, xrefs: 004ADDC7
<Y.[, xrefs: 004AE27D
-M2O, xrefs: 004AE25A
)IgK, xrefs: 004AE261
J, xrefs: 004AE9C5
,Q?S, xrefs: 004AE26F
{E, xrefs: 004AE323
%*+(, xrefs: 004AE143
Y9N;, xrefs: 004AE245
n\+H, xrefs: 004ADDC0
J, xrefs: 004AE403, 004AE664, 004AE7BD

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: J$%*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$rJ$upH}${E$J
API String ID: 0-1967210647
Opcode ID: 49fd9e389dceb69d3cc36de9b04ff4f6417e597cf45ac413d14baeb05fc8b129
Instruction ID: c49ea468feba9f4547c48d6adf132a308dd07df2e7d8c84e5e0685d4f5aaf0b3
Opcode Fuzzy Hash: 49fd9e389dceb69d3cc36de9b04ff4f6417e597cf45ac413d14baeb05fc8b129
Instruction Fuzzy Hash: 8192F471E01205CFDB04CF69D8917AEBBB2FF5A314F29416AE412AB3A1D735AD01CB94

Function 0064DC8B Relevance: 14.1, Strings: 10, Instructions: 1638COMMON

Download Yara Rule

Strings

O7~;, xrefs: 0064E4F7
}Jod, xrefs: 0064E8CA
N~\, xrefs: 0064E558
%_g, xrefs: 0064E4A6
s{, xrefs: 0064EB9B
As5s, xrefs: 0064E248
%_g, xrefs: 0064E498
[[?, xrefs: 0064DF4B
=z[, xrefs: 0064EFEB
#%>?, xrefs: 0064DE88

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: #%>?$%_g$%_g$As5s$O7~;$}Jod$=z[$N~\$[[?$s{
API String ID: 0-3884283504
Opcode ID: 1883ca0731bebc78c8414961482ed6e2d33e1147a19bd61672c9f19835811779
Instruction ID: e9b3eebddc90b5424ff2c46ec9846eed85454fa48ce3448d8a1ab0d742a43fc2
Opcode Fuzzy Hash: 1883ca0731bebc78c8414961482ed6e2d33e1147a19bd61672c9f19835811779
Instruction Fuzzy Hash: 59B227F360C204AFE3046E2DEC8567AFBE9EF94720F1A493DEAC583744E67558018697

Function 00657ED5 Relevance: 13.0, Strings: 9, Instructions: 1710COMMON

Download Yara Rule

Strings

MC=, xrefs: 00658D92
{.s{, xrefs: 00658DB5
.*~5, xrefs: 006589C6
G c|, xrefs: 0065913A
^N;, xrefs: 00658B10
[O$s, xrefs: 00659363
V~[, xrefs: 006592E6
]Puo, xrefs: 006587E0
=;v>, xrefs: 00658355

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: .*~5$=;v>$G c|$MC=$V~[$[O$s$]Puo$^N;${.s{
API String ID: 0-2415315080
Opcode ID: 9add9260fe89f05dcb7f9035464fae88a43e8c5892711bea222c158a20b06376
Instruction ID: 7a437859604ba3a0fa0f6a2a321b69260daa8c819f1e3caae9e7c6549057c4e3
Opcode Fuzzy Hash: 9add9260fe89f05dcb7f9035464fae88a43e8c5892711bea222c158a20b06376
Instruction Fuzzy Hash: B8B26AF3A0C2049FE304AE2DEC8567AB7E9EF94720F1A463DEAC4C7744E93558058697

Function 004A098B Relevance: 10.8, Strings: 8, Instructions: 836COMMON

Download Yara Rule

Strings

{, xrefs: 004A1502
%*+(, xrefs: 004A0A77, 004A0A86
gce/, xrefs: 004A1073
&> &, xrefs: 004A0F89
9.5^, xrefs: 004A0F9F
cah`, xrefs: 004A107E
,#15, xrefs: 004A0F94
qrqp, xrefs: 004A1089

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
API String ID: 0-4102007303
Opcode ID: 5542a36f3510fd29c2728997ebf15500b678803d9902ddae6ad94ee10742d21a
Instruction ID: e8e75ead22c9b8421490c2854b3567cb0993f328230a7b30f5a14ba8ecb9736c
Opcode Fuzzy Hash: 5542a36f3510fd29c2728997ebf15500b678803d9902ddae6ad94ee10742d21a
Instruction Fuzzy Hash: 9862A9B56083818BD330DF14D891BABB7E1FFA6314F044D2EE49A8B651E3799940CB57

Function 00481000 Relevance: 10.5, Strings: 7, Instructions: 1785COMMON

Download Yara Rule

Strings

gfff, xrefs: 00482297
-, xrefs: 004821ED
gfff, xrefs: 00482226
gfff, xrefs: 004822E1
0123456789ABCDEFXP, xrefs: 0048157D, 004815EB
0123456789abcdefxp, xrefs: 00481587, 004815F8
@, xrefs: 00482C40

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
API String ID: 0-2517803157
Opcode ID: ce0d780eb78fbd36130b89a65f67ca3f7bbe13c16d5a82622cdb35502470b962
Instruction ID: 520557dca59100726bba4216583e5a71ad919086ecc0fea51d051f9a4bff930a
Opcode Fuzzy Hash: ce0d780eb78fbd36130b89a65f67ca3f7bbe13c16d5a82622cdb35502470b962
Instruction Fuzzy Hash: 9BD204716083418FC718DE29C49436FBBE2AFC5314F188E2EE89987391D778D946CB86

Function 0064F8B3 Relevance: 10.3, Strings: 7, Instructions: 1585COMMON

Download Yara Rule

Strings

Jp, xrefs: 00650823
G}Ci, xrefs: 00650309
|\!k, xrefs: 0064FD08
OXv^, xrefs: 006506BA
aQ;;, xrefs: 0065054D
Ym, xrefs: 00650304
HXv^, xrefs: 006509FE, 00650B4E, 00650B62, 00650BA0

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: G}Ci$HXv^$Jp$OXv^$aQ;;$|\!k$ Ym
API String ID: 0-388495763
Opcode ID: 5b4513d7ca27d15cbe0d466261d0acafced935f32e1752aa915ea0eb31fb90eb
Instruction ID: 27c6d6f788ed57083e3795fee86034e9ffb0e4c304019ce3ccd9f03461ba3f30
Opcode Fuzzy Hash: 5b4513d7ca27d15cbe0d466261d0acafced935f32e1752aa915ea0eb31fb90eb
Instruction Fuzzy Hash: A7B2F3F360C2049FE708AF2DEC8567ABBE9EF94720F16492DEAC5C3740E67558018796

Function 00481569 Relevance: 7.9, Strings: 6, Instructions: 433COMMON

Download Yara Rule

Strings

+, xrefs: 004821CB
gfff, xrefs: 00482297
gfff, xrefs: 00482226
gfff, xrefs: 004822E1
0123456789ABCDEFXP, xrefs: 0048157D
0123456789abcdefxp, xrefs: 00481587

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff
API String ID: 0-925659942
Opcode ID: ce44a5cecb580eae4dec5c07fe275d34526a14c6d243865da331c84f599dcbd3
Instruction ID: b0e6de42fc57bcbabd93bae59e2a0f68fb5ebcf3152e2a0085d9de853797fc75
Opcode Fuzzy Hash: ce44a5cecb580eae4dec5c07fe275d34526a14c6d243865da331c84f599dcbd3
Instruction Fuzzy Hash: 7CF12971A087418FC308DE29C59036EBBE2AFD9304F18CA2EE4998B395D678D905CB46

Function 00652E47 Relevance: 7.9, Strings: 5, Instructions: 1655COMMON

Download Yara Rule

Strings

)A6-, xrefs: 0065380E
tw>, xrefs: 00653796
c>s{, xrefs: 006538A3
c>s{, xrefs: 00653896
YN[, xrefs: 006541A9

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: )A6-$YN[$c>s{$c>s{$tw>
API String ID: 0-2910714150
Opcode ID: 1664856e33db033b12560a600b429b822ef58daf2db813b8a145c647c00febb7
Instruction ID: 1486d66bfc66ff906a3b20a9c0e8e05b2ac6a639d81f095fbdb3a95062838a3c
Opcode Fuzzy Hash: 1664856e33db033b12560a600b429b822ef58daf2db813b8a145c647c00febb7
Instruction Fuzzy Hash: B0B25BF360C204AFE3046E2DEC8567ABBE9EFD4320F1A4A3DE6C5C3744E97558058696

Function 0065498D Relevance: 7.9, Strings: 5, Instructions: 1628COMMON

Download Yara Rule

Strings

un, xrefs: 00654D76
Hev, xrefs: 00655025
16@, xrefs: 00654B06
.&2, xrefs: 00655834
8NO, xrefs: 006549BD

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: .&2$16@$8NO$Hev$un
API String ID: 0-1523795198
Opcode ID: 2b70f4c4b376c666e1ae84f34fa50299d9ba36503f7bf8238cbe3117da389e44
Instruction ID: df679bb9df25a2f4f3e6208987f8ba1b853086b1178d30941111f289fc4f9f82
Opcode Fuzzy Hash: 2b70f4c4b376c666e1ae84f34fa50299d9ba36503f7bf8238cbe3117da389e44
Instruction Fuzzy Hash: 57B215F3A0C6049FE3046E2DEC8567AFBE5EFD4720F1A493DEAC483744EA3558058696

Function 0064A8ED Relevance: 7.7, Strings: 5, Instructions: 1425COMMON

Download Yara Rule

Strings

.i};, xrefs: 0064AC77
{4~o, xrefs: 0064B8A6
C8f, xrefs: 0064AAE5
.2n/, xrefs: 0064B306
)qS0, xrefs: 0064AFAC

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: )qS0$.2n/$.i};$C8f${4~o
API String ID: 0-3969249672
Opcode ID: 5d3b84611541a6dc24a6e63ffa602e513bb43ee075936cb853cd332dedde1a59
Instruction ID: 1d77b43b34c30c70dd26c1d2b2d813fb25acd3e9e553fa93edd3d2621ed3b059
Opcode Fuzzy Hash: 5d3b84611541a6dc24a6e63ffa602e513bb43ee075936cb853cd332dedde1a59
Instruction Fuzzy Hash: 1D9219F360C2049FE3046E2DEC8577ABBE9EF94320F1A893DE6C4C3744EA7559058696

Function 004812F7 Relevance: 7.2, Strings: 5, Instructions: 922COMMON

Download Yara Rule

Strings

@, xrefs: 00483531
0, xrefs: 00481E88
i, xrefs: 004828EA
0, xrefs: 00481DC1
0, xrefs: 0048243E

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: 0$0$0$@$i
API String ID: 0-3124195287
Opcode ID: 6ab29a27268861de9022c16b4ce4372ea522ada66180f1536953603810c9a25a
Instruction ID: 91a61f1b9bc7623258319d9cb7a9c067e5f48472f7241f10a3618189b99e4881
Opcode Fuzzy Hash: 6ab29a27268861de9022c16b4ce4372ea522ada66180f1536953603810c9a25a
Instruction Fuzzy Hash: F062C27160C3819BC319EE28C59076FBBE1ABD5304F188E2EE8D997391D3B8D945CB46

Function 004AFD10 Relevance: 5.7, Strings: 4, Instructions: 667COMMON

Download Yara Rule

Strings

NA_I, xrefs: 004B036D
:, xrefs: 004B0087
uvw, xrefs: 004AFE95
m1s3, xrefs: 004AFEC3, 004AFECB

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: :$NA_I$m1s3$uvw
API String ID: 0-3973114637
Opcode ID: da7ebe468b68171d404a178c7d65642dfae34ba863c186a788ae4910bdd9dcee
Instruction ID: 5a386430b20976f789e824e83cc183276483c9754d9b43b21822ed400ae938f5
Opcode Fuzzy Hash: da7ebe468b68171d404a178c7d65642dfae34ba863c186a788ae4910bdd9dcee
Instruction Fuzzy Hash: A332CBB0509380DFD314DF29D880B6BBBE1AB8A305F14496EF5D58B362D339D905CB6A

Function 00493BE2 Relevance: 5.4, Strings: 4, Instructions: 431COMMON

Download Yara Rule

Strings

ss, xrefs: 00493C79
%*+(, xrefs: 00493EC4
;z, xrefs: 00493C87
p, xrefs: 00493C80

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+($;z$p$ss
API String ID: 0-2391135358
Opcode ID: e8c7b8e290658c6bac19e04c2d416c83d1a9976966a72f7edd60809de7edbbc8
Instruction ID: fef5d08de16afb429213e8f4a964894c8f6dc133b7941c79c5f4f6446bc9380f
Opcode Fuzzy Hash: e8c7b8e290658c6bac19e04c2d416c83d1a9976966a72f7edd60809de7edbbc8
Instruction Fuzzy Hash: D9027EB4810700DFDB60EF25D986B57BFF0FB02305F50495DE89A8B685E334A819CB96

Function 004A2260 Relevance: 5.4, Strings: 4, Instructions: 383COMMON

Download Yara Rule

Strings

hu, xrefs: 004A232F
a|, xrefs: 004A2317
lc, xrefs: 004A2507
sj, xrefs: 004A2327

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: a|$hu$lc$sj
API String ID: 0-3748788050
Opcode ID: 91807a4a518a174f9d312ce15583207e5b9e28588449a304a26f0b5f5b67ffde
Instruction ID: cacb571654296c8fda220ade4ba0ec3106e8d2bb9f492cf3a33065d96b1a88db
Opcode Fuzzy Hash: 91807a4a518a174f9d312ce15583207e5b9e28588449a304a26f0b5f5b67ffde
Instruction Fuzzy Hash: 6CA1ADB04083418BC720DF18C891A2BB7F0FFA6354F548A0DE8D59B391E379D945DB9A

Function 004AD7AF Relevance: 5.2, Strings: 4, Instructions: 213COMMON

Download Yara Rule

Strings

CV, xrefs: 004AD98B
KV, xrefs: 004AD97D
T>, xrefs: 004AD984
#', xrefs: 004AD9EA

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: #'$CV$KV$T>
API String ID: 0-95592268
Opcode ID: 7c10223b1dc1cfebfa64fd74ea6cf555fd1e44104d36524ece13270000e5803d
Instruction ID: 5f656404a909ef3e2917a34d169b277fa91b932a14b6452412057697a85cc958
Opcode Fuzzy Hash: 7c10223b1dc1cfebfa64fd74ea6cf555fd1e44104d36524ece13270000e5803d
Instruction Fuzzy Hash: A98154F4801B459BDB20DFA6D2851AFBFB1BF12300F60460DE4866BA55C334AA55CFE6

Function 004AAC91 Relevance: 5.1, Strings: 4, Instructions: 128COMMON

Download Yara Rule

Strings

4c2a, xrefs: 004AACA9
,{*y, xrefs: 004AAD07, 004AAD13
lk, xrefs: 004AACBC
(g6e, xrefs: 004AACA1

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: (g6e$,{*y$4c2a$lk
API String ID: 0-1327526056
Opcode ID: 5a061b6164fb35c5366270aa15f00a56a0f45cdcf15c434502ad17350739800d
Instruction ID: 2f3a50eb8d0bd82fefb9a5dd3602827767abd8c9a5cf193a5bc81a3320163b0e
Opcode Fuzzy Hash: 5a061b6164fb35c5366270aa15f00a56a0f45cdcf15c434502ad17350739800d
Instruction Fuzzy Hash: 7A41A8B4409381DBD7219F20D900BABB7F0FF86305F54996EE9C897220DB39D944CB9A

Function 004AC470 Relevance: 4.2, Strings: 3, Instructions: 419COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004AC8C3, 004AC8CB
~/i!, xrefs: 004AC537
%*+(, xrefs: 004AC9E4, 004AC9ED

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+($%*+($~/i!
API String ID: 0-4033100838
Opcode ID: 0ddeadd0696e4955601a09ef97b17028af5d5d263c8ae54d5eed2024d1232cef
Instruction ID: c5608fe3a1a3f45020dc1adee09b07b8a428b038b017bfbbe58408491de5e886
Opcode Fuzzy Hash: 0ddeadd0696e4955601a09ef97b17028af5d5d263c8ae54d5eed2024d1232cef
Instruction Fuzzy Hash: FFE1A7B5509340EFE3209F64D881B2BBBF5FB96344F44882EE5898B261D739D810CB96

Function 00488590 Relevance: 4.1, Strings: 3, Instructions: 387COMMON

Download Yara Rule

Strings

), xrefs: 00488616
IEND, xrefs: 004889F0
), xrefs: 0048860C

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: b8fd7961f2aedf9687a6fd3b071aaa3d6e5d666870e5c4ad602eafa71ded9f82
Instruction ID: 72dd9f015c9787d01b8475e45f1de43829f552d0839a0a0af914c946b6175ddd
Opcode Fuzzy Hash: b8fd7961f2aedf9687a6fd3b071aaa3d6e5d666870e5c4ad602eafa71ded9f82
Instruction Fuzzy Hash: 65E1F2B1A083019FE310EF29D88172FBBE0BB94304F54492EE59597381DB79E915CBC6

Function 006569ED Relevance: 3.7, Strings: 2, Instructions: 1150COMMON

Download Yara Rule

Strings

fX~], xrefs: 00657723
79g~, xrefs: 00657224

Memory Dump Source

Source File: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: 79g~$fX~]
API String ID: 0-2770847771
Opcode ID: 2621bf21938619d8761871f45a981a320a9024809a776a0da9fd1569e73a7d39
Instruction ID: 9110901e9a963275d6635d8adff1b6dd6dc00d65f2c13c9f1cbeda5d5e8a30b5
Opcode Fuzzy Hash: 2621bf21938619d8761871f45a981a320a9024809a776a0da9fd1569e73a7d39
Instruction Fuzzy Hash: 5472F6F3A0C6149FE3046E29EC8177AF7E5EF94720F1A893DEAC4C3744EA3558058696

Function 004C4040 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004C40A4, 004C40AD
f, xrefs: 004C420C

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+($f
API String ID: 0-2038831151
Opcode ID: 49012d9914e1698181ff47991c374e069ce436dbde4c7d475c10830a97a20e61
Instruction ID: f681716589e42b3a0b28cdd01d0949e2d864ec7ce1ef700be7f14924d9ac4dce
Opcode Fuzzy Hash: 49012d9914e1698181ff47991c374e069ce436dbde4c7d475c10830a97a20e61
Instruction Fuzzy Hash: 5F129D796093409FC754CF18C990F2FBBE1BBC9314F188A2EE89487391D739E9458B96

Function 004BF620 Relevance: 3.0, Strings: 2, Instructions: 461COMMON

Download Yara Rule

Strings

hi, xrefs: 004BF6E6
dg, xrefs: 004BF7F5

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: dg$hi
API String ID: 0-2859417413
Opcode ID: 58e3529c6600a84ddad16326b27410623c3160c959a87e1b3367ef60aad10def
Instruction ID: c676a2b3093a449dc34daeb8a9e00c9966f6405906e522f5c051a8c74bb5fbe0
Opcode Fuzzy Hash: 58e3529c6600a84ddad16326b27410623c3160c959a87e1b3367ef60aad10def
Instruction Fuzzy Hash: EAF18871618341EFE704CF24D891B6ABBE5EB96344F148D2EF0898B2A1C778D945CB26

Function 004835B0 Relevance: 2.9, Strings: 2, Instructions: 411COMMON

Download Yara Rule

Strings

NaN, xrefs: 0048360E
Inf, xrefs: 00483607

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: edb54cc904bb572959d3e6d0e6792f4affdfb89ba1f029e8e15fc9e0b0661617
Instruction ID: f6389e660c954fd052676b36ade0aa7b2a9056aa98241f471467180fb61a6e64
Opcode Fuzzy Hash: edb54cc904bb572959d3e6d0e6792f4affdfb89ba1f029e8e15fc9e0b0661617
Instruction Fuzzy Hash: 41D1E6B1A083119BC718EF29C88061FB7E1EBC8B50F148D2EF99997390E775DD058B86

Function 0049FFDF Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

Ye[g, xrefs: 004A00F6
BaBc, xrefs: 004A0197

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: BaBc$Ye[g
API String ID: 0-286865133
Opcode ID: 2fc3f59b83cd4e43248354b0fba860fe39b76d98bf0bad70ceb2794b2af1c97b
Instruction ID: 786525bb01a93a08cee1f7a7c6dcd63fb16bb532c8152869ca21bd9bdfecf721
Opcode Fuzzy Hash: 2fc3f59b83cd4e43248354b0fba860fe39b76d98bf0bad70ceb2794b2af1c97b
Instruction Fuzzy Hash: 8351ACB16093818BD731CF14D481BABB7E0FFA7354F08491EE49A8B651E3789940CB5B

Function 00485160 Relevance: 1.8, Strings: 1, Instructions: 577COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 004854C8

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: 791ef21b302f77bbf7d77c31be989afbb3b3607326be51b38711e0c5c1df7e6c
Instruction ID: db42ff8f0bd3f9ffd00864eb036b240d9ace6495837b1295f1a351f9eac6deea
Opcode Fuzzy Hash: 791ef21b302f77bbf7d77c31be989afbb3b3607326be51b38711e0c5c1df7e6c
Instruction Fuzzy Hash: 7222D3B6A08B428BE715AE18D54032FBBA2AFE0304F19CD6FD8594B341E779DC45C74A

Function 004B12D0 Relevance: 1.7, Strings: 1, Instructions: 484COMMON

Download Yara Rule

Strings

", xrefs: 004B15D1

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction ID: 1b761bbbb26330cb3a1a318aef3d16c7f94508117d078022ddd89bf374f1334e
Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
Instruction Fuzzy Hash: 7AF16B71A083415FC724CF25C4A06ABBBE5AFC1344F5CC96EE899873A2D638DC05C7A6

Function 004AAE57 Relevance: 1.7, Strings: 1, Instructions: 455COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004AB2D3, 004AB2DB

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: b1466941ca9cf3da9fa2c3c5b9c9be65940746aa96e6bd3a46a6e41c58b002b5
Instruction ID: 2db2e2b324a3a46fb186af2341cafa34b99f41ac40a457226edd85faa051f8e8
Opcode Fuzzy Hash: b1466941ca9cf3da9fa2c3c5b9c9be65940746aa96e6bd3a46a6e41c58b002b5
Instruction Fuzzy Hash: CCE1BD71508306DBC714EF24C49056FB7E2FFAA781F54892EE8C587321E339A955CB8A

Function 00496EBF Relevance: 1.7, Strings: 1, Instructions: 447COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00496EF3

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 2195a7466d0331d9989a6940601ad51bd657d6ab2603ae507d5b6fb70e23bf77
Instruction ID: 343a6450cb4f4c7eefe2e1321cf37936721ad2298973c78b08f9bef3b85a6450
Opcode Fuzzy Hash: 2195a7466d0331d9989a6940601ad51bd657d6ab2603ae507d5b6fb70e23bf77
Instruction Fuzzy Hash: 28F1AF75A00A018FCB24DF25D981A26B7F2FF48314B158A3EE49787791EB38F815CB49

Function 004A7E60 Relevance: 1.7, Strings: 1, Instructions: 425COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004A8263, 004A826B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 89ecc7758fc2b477f762fdea6d6b8ad340856f847eba05f2a716f6d63d063508
Instruction ID: 0487fee54ce15be6b0736220ae2d35b3ae1036ae7121a1e87b6da140cce5881f
Opcode Fuzzy Hash: 89ecc7758fc2b477f762fdea6d6b8ad340856f847eba05f2a716f6d63d063508
Instruction Fuzzy Hash: 3FC1A071908200ABD720AB14CC81A2BB7F5EFA6754F08881EF8C597351E739DD15CBAB

Function 004A8D62 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004A9233, 004A923B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: e21184987c0cfaad60db2b0b3a3664397228664acf5ccc144fad0b4acf15715c
Instruction ID: a36ff5d012a03a94b12e7dca5ff15feda5d0fdbf086ee4eed464713e33ad5978
Opcode Fuzzy Hash: e21184987c0cfaad60db2b0b3a3664397228664acf5ccc144fad0b4acf15715c
Instruction Fuzzy Hash: 96D1CD70619302DFD704DF64D890B2AB7E6FF9A304F59487EE48687291D738E850CB59

Function 00494487 Relevance: 1.6, Strings: 1, Instructions: 389COMMON

Download Yara Rule

Strings

BII, xrefs: 0049485E

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: BII
API String ID: 0-2732887492
Opcode ID: 955f8ef5de38e480d9aa2cedcb384fb5e8f8e2bef8d57dde48054e7df7e589d5
Instruction ID: 938c04802fcfba573229565243f9d48cd03a109b293dbabe1013c21e12bda1a7
Opcode Fuzzy Hash: 955f8ef5de38e480d9aa2cedcb384fb5e8f8e2bef8d57dde48054e7df7e589d5
Instruction Fuzzy Hash: 08E122B4500B008FD761CF28D992B97BBE1FF46708F04886DE4AAC7752E739B8148B58

Function 004C7FC0 Relevance: 1.6, Strings: 1, Instructions: 387COMMON

Download Yara Rule

Strings

P, xrefs: 004C8167

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 076200e692ba649a3cad58707928b8e407c634a07d3a1fa0c3d4c1863e133824
Instruction ID: 48ddc64176ce6c29c6e216e296903e2c0e0a72e62cab0051edc64f89d655a64d
Opcode Fuzzy Hash: 076200e692ba649a3cad58707928b8e407c634a07d3a1fa0c3d4c1863e133824
Instruction Fuzzy Hash: AED118369082614FC755CE18D890B1FB7E1EB85718F15863DE8A5AB380DB75DC06C7C9

Function 004C6CBF Relevance: 1.6, Strings: 1, Instructions: 384COMMON

Download Yara Rule

Strings

"pL, xrefs: 004C7015

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: "pL
API String ID: 0-2497527761
Opcode ID: 281d4bcc0dd1ce9e8b0e2943fdab2d1e31b40adb38b18addad92ddef8ce21f49
Instruction ID: b9a12a073936244315e6970377f3aab76aff835797297a0dc4c55b9d21e38938
Opcode Fuzzy Hash: 281d4bcc0dd1ce9e8b0e2943fdab2d1e31b40adb38b18addad92ddef8ce21f49
Instruction Fuzzy Hash: BAD1F336619351CFC724CF38E8C062AB7E2AB89315F098A7ED491C73A1D734DA44CB95

Function 004ACCD0 Relevance: 1.6, Strings: 1, Instructions: 357COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004ACDC3, 004ACDCB

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: 4336eea7c0fc720ccb0c6a186e598eccbfcfeeb7c4a95878a354aea909f52bdd
Instruction ID: ea7f94f9667186c960cfc77e3a445bb7ac79f4a389a16a0658c0d7f012796a53
Opcode Fuzzy Hash: 4336eea7c0fc720ccb0c6a186e598eccbfcfeeb7c4a95878a354aea909f52bdd
Instruction Fuzzy Hash: D8B1F470A093018FD754DF14D880B2BBBE2EFA6344F14492EE5C58B351E739E855CBAA

Function 0048A850 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

,, xrefs: 0048A9C3

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction ID: 3c71a1c048dc62145ee3735f6927b0fad873676e3a6398189ff4818657e03287
Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
Instruction Fuzzy Hash: 31B116712083819FD324DF18C88461FBBE1AFA9704F448E2EE5D997342D675EA18CB67

Function 004BFC20 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004BFCA4, 004BFCAD

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 46d05e5776a4958544e86018627ab258cad824a095aff00308495717e80882b4
Instruction ID: 6665d2e77b1f40860d2dde7ce1f84a0306df859a1b2ad21eb435577504ae3eda
Opcode Fuzzy Hash: 46d05e5776a4958544e86018627ab258cad824a095aff00308495717e80882b4
Instruction Fuzzy Hash: 5681EC70209300EBD710DF59DD80B2BB7E5FB99705F14882EF18987251E738E819CB6A

Function 0049D457 Relevance: 1.5, Strings: 1, Instructions: 248COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0049D663, 0049D66B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: ab0c611718ed3bf2d2ee54da2f67fbc1c85d58d76c5dc1b867b7df321ed86025
Instruction ID: 31ab5d205451cd21769a8c7952951a0c1ce275b3ab97ddc05a70471201eb7d28
Opcode Fuzzy Hash: ab0c611718ed3bf2d2ee54da2f67fbc1c85d58d76c5dc1b867b7df321ed86025
Instruction Fuzzy Hash: DF61D171909200EBDB10AF58D882A2BB7B0FF95358F09083EF98587351E739DD11C79A

Function 004C4A40 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004C4C33, 004C4C3B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: c99eb877373f2a2d3c5eb97a573be98abbc1c2acafcc13ce3912ed312af551d0
Instruction ID: ed92748bd3e2a694baa8eadf48259c837bc245f77790c025fc5321587dfb5f00
Opcode Fuzzy Hash: c99eb877373f2a2d3c5eb97a573be98abbc1c2acafcc13ce3912ed312af551d0
Instruction Fuzzy Hash: 556133786093019BD750DF15CAA0F2BB7E6EBC4314F24892EE984873A1D739EC40CB5A

Function 0048E1A0 Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0048E333

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: 4d0edb2b38eb6a84e226ad643da3565be9ef900366d0000c3b74aa54599edef3
Instruction ID: 850d398d2ff1bf7d1560f8f0e654a08f3ac8a9305b4a9732c958fb3a0cc2342b
Opcode Fuzzy Hash: 4d0edb2b38eb6a84e226ad643da3565be9ef900366d0000c3b74aa54599edef3
Instruction Fuzzy Hash: 35513823B196A04BD324A93E4C5526E7AC70BD2334B3DCBBAE9F58B3E1D5198C025355

Function 004C3920 Relevance: 1.4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004C39E3, 004C39EB

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a94720d292d2718f9a167633256a4fa4de46e476145dc2cace631f39f35cce1e
Instruction ID: c345a855dd342363638b11d8688ce5a125e8e55925577b87e24841a0e918a6e8
Opcode Fuzzy Hash: a94720d292d2718f9a167633256a4fa4de46e476145dc2cace631f39f35cce1e
Instruction Fuzzy Hash: 2B51A0786092009BC764DF15D880F2BB7E5EB89706F14C82EE4C687351D77AED20CB6A

Function 00491BEE Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

L3, xrefs: 00491C3E

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: L3
API String ID: 0-2730849248
Opcode ID: 358540601b57783536ad35314ef7f0bc2a1aadda5d95c2a07c86e4a5788496a7
Instruction ID: 8f856d655d897cd935f50d07085489c27423f72b83e3648cb65f35048de93367
Opcode Fuzzy Hash: 358540601b57783536ad35314ef7f0bc2a1aadda5d95c2a07c86e4a5788496a7
Instruction Fuzzy Hash: BA4167740083819BCB149F15D854A2FBBF0FF86354F048A2DF5C59B2A1D73AC915CB5A

Function 005A1A6F Relevance: 1.4, Strings: 1, Instructions: 126COMMON

Download Yara Rule

Strings

w, xrefs: 005A1ABB

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: w
API String ID: 0-3659469774
Opcode ID: a6dc7feae3068114434e6ddfd2f46f5f2548e59210b0dee25fd7cdec97a5f96d
Instruction ID: 2fbd0be45a4cbb830bead990588bf0d4443b87875df5eada0b794b9aa5016cb0
Opcode Fuzzy Hash: a6dc7feae3068114434e6ddfd2f46f5f2548e59210b0dee25fd7cdec97a5f96d
Instruction Fuzzy Hash: 673148F3E092241BE314292EEC48726F7DAEBE4721F6A813DDB48A7780EC351C058295

Function 004BFF70 Relevance: 1.4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

Strings

%*+(, xrefs: 004C0033, 004C003B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 2c385923fbc35f9ca3ef8ec01a38fe73fc1a015ff8c1f06530d4735ef86fce81
Instruction ID: e3c3f8da8aed26aabf18a9635bd36498aefd628b7ac172adf284d4b67e48b356
Opcode Fuzzy Hash: 2c385923fbc35f9ca3ef8ec01a38fe73fc1a015ff8c1f06530d4735ef86fce81
Instruction Fuzzy Hash: A5311879604305EBD650EB16EC81F2BB7E8EB85748F15482EF88487252E339DC14C76B

Function 004E30BA Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

V, xrefs: 004E43E1

Memory Dump Source

Source File: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: 334375f8ef593544b61c51806f887a5d96835e053416da6085127576d2445fa1
Instruction ID: 7582eeeddee2936319245870bccfb2f97a0a80fa4f733ee68e8ea2b5a3f1184a
Opcode Fuzzy Hash: 334375f8ef593544b61c51806f887a5d96835e053416da6085127576d2445fa1
Instruction Fuzzy Hash: 2641AEB1108289DFDB019F56D4016BE7BB5FF91352F60442BEC8282A01E37A4C15EB5F

Function 005FC8AF Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

S&3o, xrefs: 005FC975

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: S&3o
API String ID: 0-3982122235
Opcode ID: e51e93fecab45da01cfc262284195354847a9ed8444113363c2c6f509b831f80
Instruction ID: bd1a059b705652ebae459d05a21beb903a0f6dac74298033618e46bd99c8b018
Opcode Fuzzy Hash: e51e93fecab45da01cfc262284195354847a9ed8444113363c2c6f509b831f80
Instruction Fuzzy Hash: 683144F3E551109BF3085838DD69776BA86E7E4321F2EC63DDA99977C8EC394C098280

Function 004AE40C Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

72?1, xrefs: 004AE6A2

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 46261a80456f53fc2a348aea30b8e102f042cff800b38486d878ea6ecc8ea280
Instruction ID: 20f1abd5800a97de6dc6d292e8991dc4cbda799a308fbd929aed7eb8cf4efeb0
Opcode Fuzzy Hash: 46261a80456f53fc2a348aea30b8e102f042cff800b38486d878ea6ecc8ea280
Instruction Fuzzy Hash: 7B3106B5A01204DFC720DF96E8D05AFB7B4FB16304F54086EE446A7311C339A941CBAA

Function 00496F91 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0049703B

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: a2e120367d7df2cf518716a04a56aae2f43310c5f76ffe4260f9eef8caa3c6ce
Instruction ID: 549d120f90c8024e99e7cad58ec645dc12d1bbe8b26d6e83322d87fbdef990ea
Opcode Fuzzy Hash: a2e120367d7df2cf518716a04a56aae2f43310c5f76ffe4260f9eef8caa3c6ce
Instruction Fuzzy Hash: A5415A75215B04DBDB248F61D994F27BBF2FB09705F24882EE58697B61E739F8008B18

Function 005AF8C7 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

&gw, xrefs: 005AF9DB

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: &gw
API String ID: 0-2486251772
Opcode ID: e4e0a4c4f5c6a815c9a60ab2cc6ff167237b91a93d766e090485d8d8000c785e
Instruction ID: 5247734fc8243f2724dd3a497063ac188e402dc30267db2c018198ab37997d9d
Opcode Fuzzy Hash: e4e0a4c4f5c6a815c9a60ab2cc6ff167237b91a93d766e090485d8d8000c785e
Instruction Fuzzy Hash: EE31F2F3A597049BE7086E28EC9A37AF7D1EB94321F1B053DCAC943780ED7914058A86

Function 004AE66A Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

72?1, xrefs: 004AE6A2

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID: 72?1
API String ID: 0-1649870076
Opcode ID: 910c5a7ca33f21f4c3cde29eece1f4c078bb9e63131c3cedeb9fadd4ddb8a244
Instruction ID: cd2ac5a499effb585d7fdd7e4c32625fd6a98ca5fe6d32b2ccb8680276631b68
Opcode Fuzzy Hash: 910c5a7ca33f21f4c3cde29eece1f4c078bb9e63131c3cedeb9fadd4ddb8a244
Instruction Fuzzy Hash: 6D2105B5901204DFC720DF96D8D066FBBB5BB1B304F54086ED446A7351C339AD41CBAA

Function 004C9CE0 Relevance: 1.3, Strings: 1, Instructions: 87COMMON

Download Yara Rule

Strings

@, xrefs: 004C9D30

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 5c9e6a9f287c1801a2c4ce94c51ec9408c0165ace231dc51fba66ca78d84191e
Instruction ID: f166b84c9efb1b90bf8db45bf87f361392375d8665e25fc8ebf8e71bdbf05cbc
Opcode Fuzzy Hash: 5c9e6a9f287c1801a2c4ce94c51ec9408c0165ace231dc51fba66ca78d84191e
Instruction Fuzzy Hash: 83319A74509300ABD350DF15D884B2BFBF5EF8A314F14892EE1C6A7251D339D904CBAA

Function 00494E2A Relevance: 1.0, Instructions: 957COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5456ee8fc1a9f7f9b68c41807dbdbcc931dcf37975511ec42357639913fccedc
Instruction ID: ebe5147aa289725318a9b3f7e267e138a36e280321c585bd4060ebfee754a150
Opcode Fuzzy Hash: 5456ee8fc1a9f7f9b68c41807dbdbcc931dcf37975511ec42357639913fccedc
Instruction Fuzzy Hash: 26625A70500B009FDB26DF24D980B27BBF5AF46704F54896ED49B87A52E738F808CB99

Function 0048BEB0 Relevance: .9, Instructions: 895COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction ID: 17ff7a69041aaf132d496fe558d3ec587f96d25918b9cca10923e121b3bf3f76
Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
Instruction Fuzzy Hash: 1B52D8319087118BC725AF18E4802BFB3E1FFD5319F154E2ED98693391D738A855CB9A

Function 004C8652 Relevance: .7, Instructions: 710COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 511a027fa113f744dbda750ecaab832654203f1b2c07d21dcac2c06e7373d427
Instruction ID: 957b3cef4ce47e42073085a6c2fb9a00597f3d5f2ad529d09c170be1f8b5f5fb
Opcode Fuzzy Hash: 511a027fa113f744dbda750ecaab832654203f1b2c07d21dcac2c06e7373d427
Instruction Fuzzy Hash: 2C22B93960A241DFC704DF68E894A2EB7E1FB8A315F09887EE5C987351D735E850CB4A

Function 004C86F0 Relevance: .7, Instructions: 681COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d2b866eb0c0bbc80a8f2bfdc896ad4e5b83242728a84275777edef159632a8
Instruction ID: 6e4f830efa4d8482f516ed792b79c6bf9bc1ac4edabcb217bbb2b008a0084247
Opcode Fuzzy Hash: 05d2b866eb0c0bbc80a8f2bfdc896ad4e5b83242728a84275777edef159632a8
Instruction Fuzzy Hash: 8622993960A241DFC704DF68E894A1EBBE1FB8A305F09897EE5C987351D735E850CB4A

Function 0048B3A0 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c1f92a7d0e1f13f2ae93f3f142d7c9b30b7d9f330abc5a5d11da84d8ed263cc
Instruction ID: 52ce98d7bbcdead3c048fa03b4e60e3b4be9e706263cb4231fbee74318b0b753
Opcode Fuzzy Hash: 7c1f92a7d0e1f13f2ae93f3f142d7c9b30b7d9f330abc5a5d11da84d8ed263cc
Instruction Fuzzy Hash: C752A370908B849FE735EB24C4947ABBBE2EB91314F144C2FC5D606B82C77DA885C799

Function 004871F0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 356de9b13606b6b5f4d591d948473c14f4ae6e951ddaf1d9c5c82dc410a0512f
Instruction ID: 245c34beff58ee28f6d00d2066f09642d28918b9885aa16f6c1c1a357527c352
Opcode Fuzzy Hash: 356de9b13606b6b5f4d591d948473c14f4ae6e951ddaf1d9c5c82dc410a0512f
Instruction Fuzzy Hash: 4B52E33150C3458FCB15DF28C0A06AEBBE1FF89314F298A6EE89957351D738E949CB85

Function 00488FD0 Relevance: .6, Instructions: 620COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a138eecb30a9a24d023362e4924a8557b003f4b68060b3cd78d50652cf21f680
Instruction ID: 50b56a29167fda384855b4ab12004c39df76a5ae0218e1fe4748f257ab740057
Opcode Fuzzy Hash: a138eecb30a9a24d023362e4924a8557b003f4b68060b3cd78d50652cf21f680
Instruction Fuzzy Hash: EF428775608341DFD748CF29D850B6ABBE1BF88315F09886DE8858B3A1D339D985CF46

Function 00487BF0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99bf4f8420e526b2a0c753f33582f829d86c93798ed41b39ecad4ea78e5cb879
Instruction ID: 237ee64cd249282956763cf8b68d9287b0349d1df053d6b17a9afa69bd2b12c2
Opcode Fuzzy Hash: 99bf4f8420e526b2a0c753f33582f829d86c93798ed41b39ecad4ea78e5cb879
Instruction Fuzzy Hash: FF321370514B118FC368DF29C69052ABBF1BF55710BA04E2ED6A787B90DB3AF845CB18

Function 004C89A0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 745ca2f7051ca856a2f8297455884e09acc550c0c30fdda56c3ad62e5f669d82
Instruction ID: e08577da61a3f3a8d28728e14a1046e55cdefbb1cf7b658ab4ebd2007f93db56
Opcode Fuzzy Hash: 745ca2f7051ca856a2f8297455884e09acc550c0c30fdda56c3ad62e5f669d82
Instruction Fuzzy Hash: 4402AA35609241DFC744DF68E884A1EFBE1EF8A305F09896EE5C587361C739D910CB9A

Function 004C8A80 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8eebabc85c82884a9df9a61379df3875a71b2086340bd4b6b01e64ade4b8661
Instruction ID: 2013ba4eb24ec917aede6bf67220d07b32607703c01685bd2a81809719b2bb4b
Opcode Fuzzy Hash: e8eebabc85c82884a9df9a61379df3875a71b2086340bd4b6b01e64ade4b8661
Instruction Fuzzy Hash: F2F18935609341DFC744DF68E884A1EFBE1AB8A305F09896EE4C587351D73AD910CB9A

Function 004C8C02 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 581583ab6e734ba04dafdef085f79bc696ee2fe4e2b8f24543071316646240f9
Instruction ID: 660fc9ff72880728bfe7ed596f37783a7cbb864633e45205982616be7d8ca48b
Opcode Fuzzy Hash: 581583ab6e734ba04dafdef085f79bc696ee2fe4e2b8f24543071316646240f9
Instruction Fuzzy Hash: 69E1BD35609340DFC704DF28E880A2AF7E2FB8A315F09896EE4D987351D73AD910CB96

Function 0048A300 Relevance: .5, Instructions: 459COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction ID: b5058cd29e85369a70927d7f95a90db95380bc776cbea19a9d710f2a4e8104c9
Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
Instruction Fuzzy Hash: 10F1CC756083418FD724DF29C88066FBBE2AFD8300F088C2EE4C587751E679E855CB66

Function 004C8E70 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3021dbc2a776951670541d8780bf3c0aac8f03a87f1645da3dcde7d53c1791
Instruction ID: 8395828dd0d82fa67913b07c6547c8fa399cf2a92a8443c8129969db6d790a6d
Opcode Fuzzy Hash: 4f3021dbc2a776951670541d8780bf3c0aac8f03a87f1645da3dcde7d53c1791
Instruction Fuzzy Hash: 65D18D3460D280DFD745DF28D894A2AFBF5EB8A305F09896EE4C587351D73AD810CB56

Function 004C7AB0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac7474fe52d2b41224ced7f22045188d57d1a017c652ee65dee5b3d3e93aac34
Instruction ID: 059746357227c9f898e3c185098419ed7c69315bb85a1be6f50b0f83c902c5b7
Opcode Fuzzy Hash: ac7474fe52d2b41224ced7f22045188d57d1a017c652ee65dee5b3d3e93aac34
Instruction Fuzzy Hash: EFB12776A0C3504BE354DF29CC81B6BB7E5ABC5314F08492EE99997382E739DC048B96

Function 0048AF10 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction ID: 62fd3d60e9efa168d7f10eca90b69e34ed21fa786341e41a64254014881f922e
Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
Instruction Fuzzy Hash: 91C158B2A087418FC360DF68DC96BABB7E1FB85318F084D2DD1D9C6242E778A155CB46

Function 00496536 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5242e8d8b6d5f31682232d49185f6161410c8c40b4fac2a48abf3c8427cd925d
Instruction ID: b86ab9be5cd7a907f8fa6785c97587c954c098f87e7b0c5ea2d3ba91599cda3d
Opcode Fuzzy Hash: 5242e8d8b6d5f31682232d49185f6161410c8c40b4fac2a48abf3c8427cd925d
Instruction Fuzzy Hash: 13B11474500B409FD721DF24D981B17BBF1AF46704F14886EE8AA8BB52E339F805CB58

Function 004C7710 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 919c0edb28e219cc146dd8e456c08b9d002cf2ee44e9dbfc9daa8ff503752328
Instruction ID: c7e54fb60bf133bc568656de0b744a1bbb419504c2b7d021823be6d400737403
Opcode Fuzzy Hash: 919c0edb28e219cc146dd8e456c08b9d002cf2ee44e9dbfc9daa8ff503752328
Instruction Fuzzy Hash: 1E91BD79609301ABE760DB15C840F6FBBE5EB85354F54882EF58487351E738E940CBAA

Function 004CA0D0 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e72c9e829f022ed928e30c358f2d21affb994cbc87d4c40389adb8f1593fb3c0
Instruction ID: 1c05975e7d62f15fd693119501b36422d9360837fdd969dc07dca3d19101b719
Opcode Fuzzy Hash: e72c9e829f022ed928e30c358f2d21affb994cbc87d4c40389adb8f1593fb3c0
Instruction Fuzzy Hash: C681BF382093458BC764DF28D890F2BB7E5EF45748F14896EE88587361E735EC20C79A

Function 005838E6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c70d6fbc12e936aacaf4b727684574dc788449befada90b13da91908a91d73d
Instruction ID: e8f289b711528099350e6adfd274d4ca928a0c5b878cc63ed4d1ef93f1c40648
Opcode Fuzzy Hash: 3c70d6fbc12e936aacaf4b727684574dc788449befada90b13da91908a91d73d
Instruction Fuzzy Hash: 217148F3A193045BF3445E7DEC88776BADADBD4360F2B463DEA84C7780E97848028652

Function 004B64F0 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2395dc19cbf347acbcdf9f749d57db0f1fe9778f86e8aa9552428ac71d836ea5
Instruction ID: cc4c11e3ca6f588f63b480ff422851a4a76f374b6e5e118de56630ac5acdbf5c
Opcode Fuzzy Hash: 2395dc19cbf347acbcdf9f749d57db0f1fe9778f86e8aa9552428ac71d836ea5
Instruction Fuzzy Hash: CF71E737B29A904BC3249D3C5C813E6AA835BD6334B3EC37AE9B4CB3E5D52D48064365

Function 004A28E9 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b5e40c1fd018c66b42586dbde6bfbc0f3e125bb514907a1eb8c6a26e9f2e1a5
Instruction ID: 8d0282629aaa7aabf6ee41483cbab0fb970847500e8831116d26c79e43dc4884
Opcode Fuzzy Hash: 3b5e40c1fd018c66b42586dbde6bfbc0f3e125bb514907a1eb8c6a26e9f2e1a5
Instruction Fuzzy Hash: 156176B44083509BD310AF19E981A2BBBF0EFA6754F08491EF4C58B361E379D910DB6B

Function 004A7C00 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae51ec92d8c20076ab8880dbd60138fd14f6b87b2147c6783d6bc48220225a4d
Instruction ID: 9e7fcbd2296adcca613fd299a891a1265561ad9888aba34d97bc2369d61235f5
Opcode Fuzzy Hash: ae51ec92d8c20076ab8880dbd60138fd14f6b87b2147c6783d6bc48220225a4d
Instruction Fuzzy Hash: 3C51B1B1608204ABDB309B64CC92B7733B4EFA6368F144959F9858B391F379DC05C76A

Function 004B1860 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction ID: eb941950c8c13aea708bbfccc1a47fea78993d866520c3625325d722290f3521
Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
Instruction Fuzzy Hash: 0961E5316093419BD714CF28C5A079FBBE2ABC9350FA4C92FE4898B371D278ED41975A

Function 004B82D0 Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2805a423760d1a852568f5013e70465c3f1dff92f1e048b938c4970c480d1c09
Instruction ID: 5fdba5bcbeeb721b8d02c32a15b58e0803f999ea80801c36252f49ca2c3a953a
Opcode Fuzzy Hash: 2805a423760d1a852568f5013e70465c3f1dff92f1e048b938c4970c480d1c09
Instruction Fuzzy Hash: 03612823A5A9914BC324493C5C553E66A875BD2330F3EC37FD8B58B3E5D96E4802C366

Function 00646A84 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faae7f07ef906382b3a885b0eddd793d7e62b7b15c1a2e56623d0609b6e163de
Instruction ID: a00338d30deff7cc9bb3b2dcbb3e8edbcff89fe96b99681e99a821f25e030021
Opcode Fuzzy Hash: faae7f07ef906382b3a885b0eddd793d7e62b7b15c1a2e56623d0609b6e163de
Instruction Fuzzy Hash: C651F4F3E141205BE350996DEC4479BB6DAABD4370F2F4639EE98E7380E8399C0642D1

Function 004942FC Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b438afb57ba79f3737b5a897aff23b1638ddc1b077a9e5c26ef6918cf90af0
Instruction ID: aa210514c33da7fac4cec5ef8339ebef3730bda1d08278bc8a36a5b3deceff4d
Opcode Fuzzy Hash: 96b438afb57ba79f3737b5a897aff23b1638ddc1b077a9e5c26ef6918cf90af0
Instruction Fuzzy Hash: 6A8105B4811B00AFD360EF39D907757BEF4AB06205F404A2EE4EA97695E7306419CBE7

Function 004BE8A0 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction ID: beeae6a8325a3bbae23ed2c2e21cde242ea4da83740a9583c7570b8f439aee0b
Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
Instruction Fuzzy Hash: E4518EB15083448FE314DF29D49439BBBE1BBC9318F044E2EE4E983351E379D6088B96

Function 004EF87A Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27a90bc9d18a5a3a589c9420de515eb3b54877bd770dd8880e26fe6aafd812e1
Instruction ID: 76d01ef9e9457b3af82bd1201d34b0017597baecdcf15463e7e181701aa05773
Opcode Fuzzy Hash: 27a90bc9d18a5a3a589c9420de515eb3b54877bd770dd8880e26fe6aafd812e1
Instruction Fuzzy Hash: 9451F6F3A182141FF308992EDD99776B6DADBC4320F2B823DEA49937C8E8B958054195

Function 004C7520 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 550d0d07751bef967931e92b14d768d95c0146833aec325dabc16dbf16246026
Instruction ID: 68fd43db1f0e437a92cf1e3e56c9dfba6063b6de543f697cde3717c24468fc5d
Opcode Fuzzy Hash: 550d0d07751bef967931e92b14d768d95c0146833aec325dabc16dbf16246026
Instruction Fuzzy Hash: D551283970D200ABC7549E18DC90F2FB7E6FB85364F288A2DE8D557391D635EC108B99

Function 0063D9C5 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a5db96be9bf0d30fdc03e4b565100c49b817ebfabed89f8e8c579242223f45
Instruction ID: b268c1093b6421613175b8723f5bce65d8b9b46e05cac7aba8b12477fccb287b
Opcode Fuzzy Hash: c7a5db96be9bf0d30fdc03e4b565100c49b817ebfabed89f8e8c579242223f45
Instruction Fuzzy Hash: 845115F3B191005BF348993CDC957B6779ADBD4321F29863EEA81C7788ED3898054291

Function 00485A50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6981baac7a122e75df14560cb0e5a682c8832a535ed9e7c0e0757177dcb5234
Instruction ID: 21e169fad5af75faf8d3b57845953a77b61b169f48b0eed85621b67bb74fc659
Opcode Fuzzy Hash: d6981baac7a122e75df14560cb0e5a682c8832a535ed9e7c0e0757177dcb5234
Instruction Fuzzy Hash: 4651D375A047049FC714EF18D88092FB7A1FF85328F154A6EE8959B352D634EC42CB9A

Function 0058C03E Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e7cc28f477c0837e1730b60edd34f8d2bcca9537fbc02e2f4b9181f7109235
Instruction ID: 6243890933263a19503e0b1248fce6b2fa91f717857e02002f83e67f4e1f0503
Opcode Fuzzy Hash: 78e7cc28f477c0837e1730b60edd34f8d2bcca9537fbc02e2f4b9181f7109235
Instruction Fuzzy Hash: 1B413AF3E082105BE3086E3CDD553B6B7D6EB54760F16463EDAC4C7B84E93A99048686

Function 004AEC48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea455eb9fc03b69d67ada04da5d567acad6cb9e0ec5e3c13734c503fd1445e5
Instruction ID: 48d5678ad933a23242ef45873fb91d0cf27dec0dbf520d8116fb8e91491987bd
Opcode Fuzzy Hash: cea455eb9fc03b69d67ada04da5d567acad6cb9e0ec5e3c13734c503fd1445e5
Instruction Fuzzy Hash: A641D278900316DBDF20CF95DC91BAEB7B0FF1A300F044549E955AB3A0EB389950CBA9

Function 005734F6 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3107f7d88f1f439aa93f00843a6ba8d7c959b233a6fddff80b07c33c0f4058ac
Instruction ID: f8f5554a1dfd4aff1d388f8641dcdbefc9901ec6a14c7e89904d17a400bce87a
Opcode Fuzzy Hash: 3107f7d88f1f439aa93f00843a6ba8d7c959b233a6fddff80b07c33c0f4058ac
Instruction Fuzzy Hash: DB412BF3A085004BF710A93EED4977BBAD6CFD4320F26863DD688D7788D934C9468692

Function 004C9B60 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c6da5b9d91bf91a1eade896acac9cd5d612ca57afcf53214e12706ad9f6c20
Instruction ID: 6fe71dd18c3494a5bc10a70ffb307639ee3e125f5c9cb28f65c582023a5fcb1a
Opcode Fuzzy Hash: a8c6da5b9d91bf91a1eade896acac9cd5d612ca57afcf53214e12706ad9f6c20
Instruction Fuzzy Hash: 5C419C38208300ABD750DB15D994F2BBBE6EB85714F24882EF58997351D339EC01CBAA

Function 00492030 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f2548d12a675e7e2330cae07bf69ffa9fdf6ce570e807f694698c3274cef2e4
Instruction ID: e2a391973eb4f46ebaa3bd4a771008ad626d8850dbb870553605e5e4244835b0
Opcode Fuzzy Hash: 1f2548d12a675e7e2330cae07bf69ffa9fdf6ce570e807f694698c3274cef2e4
Instruction Fuzzy Hash: C4411732A083215FD75CCE29849463ABBE2ABC5300F09823EE5DA873D0DAB98945D785

Function 00491E93 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ec05819fa272860538d3c201554d62bfe7a4eb88049d36f4563feaafdfb931
Instruction ID: 896364a7183422752932dfdb46fa4f3d7977685b134abcc7b2ffd11a1e1fb2ea
Opcode Fuzzy Hash: b9ec05819fa272860538d3c201554d62bfe7a4eb88049d36f4563feaafdfb931
Instruction Fuzzy Hash: E541F474508380ABD710AB59C884B1EFBF5FB86345F144D2DF6C497252C37AD8148F5A

Function 004C8D8A Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba763e7072a962c689bcfe049f86fe5a1b247b319f3190fba65a950b2848932
Instruction ID: ce43a99728abb300622e84ffc8b47acbf87f4e174308780197975b9da8fa8b7f
Opcode Fuzzy Hash: 0ba763e7072a962c689bcfe049f86fe5a1b247b319f3190fba65a950b2848932
Instruction Fuzzy Hash: F341C2356082548FC344DF68C490A2FFBE6AF99300F098A6ED4D697391CB78DD018B8A

Function 0049D961 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe229cf8c0b5b0833040de8d8c5c1f7216195d07031c7848ca9bf004956fea32
Instruction ID: 039239b2d66009b8dca5816ce0770830fb9d8346947bc9dfa7ee8b89b063092c
Opcode Fuzzy Hash: fe229cf8c0b5b0833040de8d8c5c1f7216195d07031c7848ca9bf004956fea32
Instruction Fuzzy Hash: 5041CEB19093818BD7309F14C881BAFB7B0FFA6364F04096EE48A8B751E7784840CB5B

Function 005678CF Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ba05cd8a84295597dc8269c07734c7987271937d7c1d410014bf62063f0f01c
Instruction ID: 8ad339d3acf9eaea9d216d1bd77c838842018aaad7f71996515945d7f14346e5
Opcode Fuzzy Hash: 7ba05cd8a84295597dc8269c07734c7987271937d7c1d410014bf62063f0f01c
Instruction Fuzzy Hash: 5D3129F3D191205BD3185E2DDC452A6F6FAEFA4360F3B092EE6C4D7380E67598048786

Function 004BF030 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction ID: 859dd277cbae7ad5605c89f6fa9d2ec07877a4a3a8ab5e9b93148e4b6646ffce
Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
Instruction Fuzzy Hash: B5210A3290812447C324EB6DC98157BF7E4EB9A704F06863FD9C8A7295E3399C1487E5

Function 004C67EF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7b9b4c07d16e582edbde4b8ef46493aa520558e105bdd454131ad3aec2db91
Instruction ID: 92c0393cb4a312f35016d7db2312003519acf7481c575d370649674971a80dc6
Opcode Fuzzy Hash: 7a7b9b4c07d16e582edbde4b8ef46493aa520558e105bdd454131ad3aec2db91
Instruction Fuzzy Hash: A53136745183829AD714DF14C490A2FBBF0EF96788F50981EF4C8AB261D338D985CB9A

Function 004A5E70 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aada8e889b17a70a3c07ee88d1b835abd7cec827b484143f15bbb124989db0d5
Instruction ID: 83c9226216bd1a9a395ec9e2214f08ead98f985f6d293a8cc4402f23fa60481f
Opcode Fuzzy Hash: aada8e889b17a70a3c07ee88d1b835abd7cec827b484143f15bbb124989db0d5
Instruction Fuzzy Hash: 9A219FB0509201DBD310AF18C95192BB7F4EFA6764F44891DF4D59B391E338C900CBAB

Function 004849A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction ID: 0c221de70d7fb650530724cd6141d3449530e650d6cb9afdd2c0b5fa28052897
Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
Instruction Fuzzy Hash: 7531C9716482029BD714BE18D88052FB7E1EFC4358F188D2EE89A8B341D339DC42CB4A

Function 004C64B8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8da4b1ee80098c435559a00c3b8e822d32e312fabd2122722e801b29e34fafd7
Instruction ID: f7c7f31bfe700b0e4b513fb2ca12a67c33f45cfaad4cc139af43e603c7cb1054
Opcode Fuzzy Hash: 8da4b1ee80098c435559a00c3b8e822d32e312fabd2122722e801b29e34fafd7
Instruction Fuzzy Hash: 6921697850C2409BC748EF19D580E2EF7E5EB85745F29882EE4C493361C338A851CB6E

Function 004BB650 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: b6e5ce82ed9d40060a313eb2734124a88266a098762e50895abf70d8744c44fe
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 0B11E933A051D40EC3168D3C84405A5BFA35AB3234B59439AF4F49B2D2D766CD8B93BA

Function 004B0B80 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction ID: 55ebd74366e35c36b3da0381f04f13ed34f831d72eb1798253d2fc6eb96d1d4e
Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
Instruction Fuzzy Hash: 380175F5A0430147EB24AE95A4D1B7BB2A86F5071DF18492ED40657302DB79FC05C7B9

Function 004AD1E1 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6376b8710c28bca72e2fa52e70c06ba26edc68ed794a40647bff3c72a3e4d7c
Instruction ID: 48aba8404517b44cd7a0b4565765f7cf0224912fcea69fc562ed49a180273612
Opcode Fuzzy Hash: f6376b8710c28bca72e2fa52e70c06ba26edc68ed794a40647bff3c72a3e4d7c
Instruction Fuzzy Hash: EA111FB0408380AFD3109F618584A1FFBE0EBA6714F148C0EF5A45B251C379D805CF1A

Function 00486EA0 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541ada447e6b9914a30e876b440f62f38582598ddf5859b828a9ed5772d5e202
Instruction ID: 8dbfbac222018772dde419bc0f97e9bde1fface654253e2b694ae69146b1b1a7
Opcode Fuzzy Hash: 541ada447e6b9914a30e876b440f62f38582598ddf5859b828a9ed5772d5e202
Instruction Fuzzy Hash: 45F0243A71820A0BA250EDABE88083BB396D7C9355F055939EB41C3301CE72E80692D9

Function 004BB8C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695

Function 0049C5F0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696

Function 0049B410 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction ID: 11f4470bd50877988fa0129199b7fd8406a2c012ff62b2561b8c10f032d8db35
Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
Instruction Fuzzy Hash: F5F0ECB160461067DF228A95ADC0F37BF9CCB87354F190437E84557203D2A55845C3E9

Function 004B8220 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e512a46fff3890287780faf1d72080610961d73957252b2f3349f501344018e1
Instruction ID: 75f8d71e78f9813ffe208cf3b1e353db5db24240c806b3190e549ed33a33031b
Opcode Fuzzy Hash: e512a46fff3890287780faf1d72080610961d73957252b2f3349f501344018e1
Instruction Fuzzy Hash: 9501E4B44107009FC3A0EF29C485B57BBE8EB08714F008A1DE8AECB680D774A5448B82

Function 004C1440 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction ID: 443d1f183a98d0f58f22d4c2e785b320d9ce5f1e256afed0665b5fb3e5855880
Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
Instruction Fuzzy Hash: A2D05E35608321469BA88E19A400A77F7E0EA87B12B49955FF586E3259D234DC41C2AD

Function 00491ACD Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b08c898ca994ef12acd742f52aabd9597262d49e08de59c37e5f08d707b3fc7
Instruction ID: f9ce7829a3852357193da4067985fc5948242d5b1c061e74e926b49c2ddd4c1e
Opcode Fuzzy Hash: 9b08c898ca994ef12acd742f52aabd9597262d49e08de59c37e5f08d707b3fc7
Instruction Fuzzy Hash: 6EC08C34A990018BC288CF00FC95832BBB9A35730C740703BDA03F3332CA38C80A890E

Function 004C6094 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2d8baa0a8d259aa30a63977d21364b03467a7c9d84117df99fd3498bf9cb1c1
Instruction ID: 6b895f86389f0943dd643f3350ca527357a15286b7bf01ff5e1b565363765bbf
Opcode Fuzzy Hash: a2d8baa0a8d259aa30a63977d21364b03467a7c9d84117df99fd3498bf9cb1c1
Instruction Fuzzy Hash: C9C09B3865D00487924CCF04D951975F3769B9771D724B03FC90623257C134F513951E

Function 00491A3C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a289f7f959ad230dc3a9ad29b5c8f2384e86eb96c0a3880830215137b4d6abb2
Instruction ID: 2c5abe31e52e877595e45dd08601390de137197fb6fe9a1e52445a0de9feebfc
Opcode Fuzzy Hash: a289f7f959ad230dc3a9ad29b5c8f2384e86eb96c0a3880830215137b4d6abb2
Instruction Fuzzy Hash: E8C04C24A990418A86888E86A891831A6A95316208710303A9602E7261C564D409850D

Function 004C5FD6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1535989999.0000000000481000.00000040.00000001.01000000.00000003.sdmp, Offset: 00480000, based on PE: true

Associated: 00000000.00000002.1535974340.0000000000480000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536030945.00000000004E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536048914.00000000004EC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536156822.0000000000647000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536175188.0000000000649000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536193994.0000000000659000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536208932.000000000065C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536224364.0000000000667000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536256751.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536271719.000000000066A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536285716.000000000066B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536300042.000000000066D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536315150.000000000066E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536330529.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536397123.0000000000681000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536411822.0000000000682000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536427282.000000000068A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536440769.000000000068B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536455939.0000000000696000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536473832.00000000006AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536493125.00000000006C1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536510886.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536528375.00000000006CF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536543857.00000000006D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536564025.00000000006D3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536580441.00000000006D8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536599629.00000000006E8000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536614771.00000000006E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536629398.00000000006EA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536643896.00000000006EC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536659994.00000000006F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536675321.00000000006FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536691933.0000000000704000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536708670.0000000000706000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536727185.000000000070F000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536743082.0000000000710000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536763300.0000000000717000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000718000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536778838.0000000000743000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536828195.0000000000771000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.0000000000772000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536843025.000000000077B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536879354.0000000000788000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1536894859.0000000000789000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_480000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0392ff471491b162b8f70da10d6e14da82b82567667ff6113d51e9a92d997362
Instruction ID: 95e7017425a62b9575f386995b53640eaae5d94891533982eb851dbb8c5c5cce
Opcode Fuzzy Hash: 0392ff471491b162b8f70da10d6e14da82b82567667ff6113d51e9a92d997362
Instruction Fuzzy Hash: 45C09224B6A0008BA24CCF18DD51935F3BA9B8BA1EB14B03FC906A3257D134E512860D

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe

Function 0048FCA0 Relevance: 5.4, Strings: 4, Instructions: 373
COMMON

Function 0048D110 Relevance: 1.7, APIs: 1, Instructions: 168
COMMON

Function 004C5700 Relevance: 1.6, APIs: 1, Instructions: 69
memoryCOMMON

Function 004C5BB0 Relevance: 1.5, APIs: 1, Instructions: 14
libraryCOMMON

Function 004C695B Relevance: 1.4, Strings: 1, Instructions: 100
COMMON

Function 0049049B Relevance: .3, Instructions: 264
COMMON

Function 00490228 Relevance: .2, Instructions: 218
COMMON

Function 004C3220 Relevance: 1.6, APIs: 1, Instructions: 59
memoryCOMMON

Function 004C3202 Relevance: 1.5, APIs: 1, Instructions: 6
memoryCOMMON